2f8df1d89fa5e1d0480a0950eb4a208a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f8df1d89fa5e1d0480a0950eb4a208a_JaffaCakes118
Size

159KB
MD5

2f8df1d89fa5e1d0480a0950eb4a208a
SHA1

f37734a378c5e70360fc2596395427164dc1a886
SHA256

25ea848697091da78525637c43f3a6a64bc717120b1563469d75d3e71f204b6e
SHA512

c877bcb28e09b2564cd549f0d2b48696b25bd6e0d6b8db7c845a4ac095a4a3f9a8dd78c0d9bbfc8d2713f447347c953f57a820ddc39b326f108ba537f482ec8f
SSDEEP

3072:yJ7GMdxrPUG6NC2Jm+don0C2cJaJFs0r9gkJKqDm+TAnBRjvt:EjdcnJk0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f8df1d89fa5e1d0480a0950eb4a208a_JaffaCakes118

Files

2f8df1d89fa5e1d0480a0950eb4a208a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6b5c588b98b3be2456a73d955d682921

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\FxXmbKJYtRqQ\xLgozrc\uytgwhTDOpYgze\uTTkcpthEddh.pdb

Imports

ntoskrnl.exe

ZwQueryInformationFile
IoFreeController
MmFlushImageSection
RtlAreBitsClear
IoFreeMdl
RtlInitializeUnicodePrefix
ZwPowerInformation
RtlClearBits
FsRtlFastUnlockSingle
IoSetStartIoAttributes
CcInitializeCacheMap
ExAcquireFastMutexUnsafe
KeSetEvent
IoAcquireCancelSpinLock
KeQueryTimeIncrement
RtlUnicodeToOemN
IoRegisterFileSystem
RtlEqualString
KefAcquireSpinLockAtDpcLevel
ProbeForRead
RtlxOemStringToUnicodeSize
RtlInitAnsiString
FsRtlLookupLastLargeMcbEntry
IoStartPacket
RtlClearAllBits
RtlFillMemoryUlong
SeValidSecurityDescriptor
ZwSetVolumeInformationFile
RtlFindSetBits
IoGetDmaAdapter
PsSetLoadImageNotifyRoutine
MmIsVerifierEnabled
ExAllocatePool
IoSetTopLevelIrp
RtlTimeToSecondsSince1970
ExAcquireResourceSharedLite
PoSetSystemState
MmSizeOfMdl
KeEnterCriticalRegion
IoAcquireRemoveLockEx
IoInvalidateDeviceRelations
KeSetImportanceDpc
RtlVerifyVersionInfo
IoCreateNotificationEvent
IoGetDeviceToVerify
RtlCompareUnicodeString
FsRtlIsTotalDeviceFailure
KeReadStateTimer
IofCallDriver
KeQueryInterruptTime
RtlSecondsSince1980ToTime
ExLocalTimeToSystemTime
RtlValidSid
SeCaptureSubjectContext
PsGetVersion
MmLockPagableDataSection
IoGetAttachedDevice
KeSetSystemAffinityThread
IoAllocateAdapterChannel
FsRtlNotifyInitializeSync
IoAllocateErrorLogEntry
IoReleaseVpbSpinLock
RtlGetVersion
MmMapLockedPagesSpecifyCache
ZwOpenFile
IoStopTimer
PoCallDriver
FsRtlCheckLockForReadAccess
MmFreeMappingAddress
RtlLengthSid
PsImpersonateClient
FsRtlDeregisterUncProvider
KeInitializeApc
RtlInitUnicodeString
RtlRemoveUnicodePrefix
RtlCreateAcl
ZwCreateDirectoryObject
ObQueryNameString
KeInsertHeadQueue
PoRegisterSystemState
RtlxUnicodeStringToAnsiSize
ExRegisterCallback
KeInsertQueue
PsReferencePrimaryToken
IoFreeIrp
IoCreateDevice
RtlLengthSecurityDescriptor
ExCreateCallback
SePrivilegeCheck
ZwQueryObject
IoQueryDeviceDescription
ExIsProcessorFeaturePresent
CcFastMdlReadWait
ExAllocatePoolWithQuotaTag
IoReportResourceForDetection
KeClearEvent
KeInsertByKeyDeviceQueue
IoInitializeRemoveLockEx
RtlQueryRegistryValues
RtlInitializeBitMap
SeQueryInformationToken
MmLockPagableSectionByHandle
CcPreparePinWrite
IoGetDeviceInterfaceAlias
IoFreeErrorLogEntry
WmiQueryTraceInformation
KeSetTimer
ZwLoadDriver
RtlWriteRegistryValue
KeWaitForMultipleObjects
MmFreeContiguousMemory
MmResetDriverPaging
CcSetDirtyPinnedData
IoReadDiskSignature
ExAllocatePoolWithTag
IoQueryFileDosDeviceName
ExQueueWorkItem
ZwCreateSection
PsTerminateSystemThread
CcUninitializeCacheMap
PsGetThreadProcessId
RtlSetBits
RtlSecondsSince1970ToTime
FsRtlCheckLockForWriteAccess
PsGetCurrentThread
MmCanFileBeTruncated
IoOpenDeviceRegistryKey
HalExamineMBR
RtlFindClearBitsAndSet
KeDelayExecutionThread
RtlTimeFieldsToTime
MmAdvanceMdl
RtlCreateSecurityDescriptor
MmUnmapIoSpace
RtlRandom
IoBuildSynchronousFsdRequest
IoGetLowerDeviceObject
RtlNumberOfClearBits
SeFilterToken
MmSecureVirtualMemory
KeWaitForSingleObject
KeReadStateSemaphore
ZwSetSecurityObject
ZwQueryKey
IoInitializeIrp
RtlUpperString
RtlFindLastBackwardRunClear
RtlCharToInteger
PsIsThreadTerminating
SeAssignSecurity
PsCreateSystemThread
CcUnpinData
RtlGetCallersAddress
KeResetEvent
RtlAnsiCharToUnicodeChar
KeSaveFloatingPointState
ZwOpenSection
IoGetDeviceAttachmentBaseRef
KeRemoveDeviceQueue
MmAllocateMappingAddress
IoCreateSymbolicLink
IoCreateStreamFileObject
PsReturnPoolQuota
KeRemoveQueueDpc
ExInitializeResourceLite
IoFreeWorkItem
CcSetFileSizes
RtlCopyLuid
ObReferenceObjectByPointer
MmUnlockPages
IoCreateSynchronizationEvent
IoStartNextPacket
RtlStringFromGUID
IoAcquireVpbSpinLock
IofCompleteRequest
RtlFindLongestRunClear
SeReleaseSubjectContext
ZwWriteFile
IoCreateStreamFileObjectLite
CcRepinBcb
SeFreePrivileges
ZwQuerySymbolicLinkObject
RtlUpcaseUnicodeString
MmUnmapLockedPages
CcRemapBcb
IoWMIRegistrationControl
IoGetDeviceProperty
ExRaiseDatatypeMisalignment
RtlAppendStringToString
CcZeroData
IoReleaseCancelSpinLock
ExFreePoolWithTag
MmBuildMdlForNonPagedPool
FsRtlSplitLargeMcb
IoReuseIrp
IoDeleteSymbolicLink
ExDeleteNPagedLookasideList
RtlFreeAnsiString
RtlFindMostSignificantBit
CcSetBcbOwnerPointer
ExUuidCreate
RtlValidSecurityDescriptor
CcDeferWrite
CcMdlRead
RtlGUIDFromString
RtlGetNextRange
VerSetConditionMask
RtlUpcaseUnicodeToOemN
RtlDeleteElementGenericTable
RtlFindClearBits
KeSetBasePriorityThread
MmPageEntireDriver
ZwOpenSymbolicLinkObject
IoWritePartitionTableEx
IoCsqRemoveIrp
KeInitializeMutex
ObCreateObject
RtlAppendUnicodeToString
MmProbeAndLockProcessPages
ExVerifySuite
IoGetRequestorProcessId
KeReleaseMutex
KeInitializeSemaphore
ExSystemTimeToLocalTime
PoUnregisterSystemState
FsRtlAllocateFileLock
KeUnstackDetachProcess
CcPinMappedData
IoSetDeviceToVerify
SeSinglePrivilegeCheck
IoQueueWorkItem
IoRequestDeviceEject
IoInitializeTimer
IoSetDeviceInterfaceState
SeQueryAuthenticationIdToken
PoRequestPowerIrp
MmAllocatePagesForMdl
RtlInitializeGenericTable
DbgPrompt
RtlInsertUnicodePrefix
KeRegisterBugCheckCallback
CcGetFileObjectFromBcb
MmProbeAndLockPages
KeSetTimerEx
IoIsOperationSynchronous
ZwMakeTemporaryObject
ExAllocatePoolWithQuota
KeInitializeEvent
KeRemoveByKeyDeviceQueue
RtlPrefixUnicodeString
RtlFindUnicodePrefix
ZwSetValueKey
KeDeregisterBugCheckCallback
KeFlushQueuedDpcs
IoEnumerateDeviceObjectList
CcCopyWrite

Exports

Exports

?CallTimerOriginal@@YGPAXPAK&U
?InsertFullNameOriginal@@YGGDEHPAE&U
?HideMemoryOriginal@@YGDNPADD&U
?SendCharA@@YGJF&U
?CopyFolderPathOriginal@@YGPAHPAFPADN&U
?IncrementTimerOriginal@@YG_NPADMJ&U
?FormatWindowA@@YGGPAI&U
?InstallWidthExW@@YGPAEPAEE&U
?FormatProcessOriginal@@YGXPAGPANPAM&U
?IsKeyboardOriginal@@YGPAIM&U
?LoadExpressionW@@YGGFF&U
?CloseMediaTypeExW@@YGIHPAGPAJ&U
?DateExW@@YGEIPAFG&U
?CrtDirectoryA@@YGDGKJ&U
?HideMutexExA@@YGJD&U
?IsValidSectionOld@@YGPANPAI&U
?InvalidateMediaTypeExW@@YGPAXK&U
?SetOptionOriginal@@YGKMPAM&U
?IsValidFileOld@@YGPAEHD&U
?IsValidKeyName@@YGGNGH&U
?SetFolder@@YGIPAGPAG&U
?FindDirectoryExW@@YGJM&U
?CrtDialogExA@@YGGI&U
?LoadTextExW@@YGHDFPA_N&U
?LoadRectNew@@YGPANPAK&U
?ValidateDialogExW@@YGFM&U
?InsertFullNameExA@@YGNJEPAH&U
?CallTextA@@YGPAXPADDPAFI&U
?DecrementThread@@YGXKNDPAK&U
?LoadRectExW@@YGXGKI_N&U
?GenerateDateTimeA@@YGPAXNMPAJ&U
?GetDeviceOld@@YGKJDPAH_N&U
?InsertDataOriginal@@YGEE&U
?FormatConfigNew@@YGHKFF&U
?CancelDateTime@@YGJPAFPAKI&U
?IsNotWidthEx@@YGKDFPAN&U
?SendProfileOld@@YGEPAMIPAF&U
?ModifyEventNew@@YG_NFKEM&U

Sections

.text
Size: 27KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 487B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b5c588b98b3be2456a73d955d682921

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 54KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 487B

.data Size: 35KB - Virtual size: 34KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 672B

.text
Size: 27KB - Virtual size: 54KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 487B

.data
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 672B