3287f06eaa3ec3eb8cc0ece5ef8463c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3287f06eaa3ec3eb8cc0ece5ef8463c1_JaffaCakes118
Size

73KB
MD5

3287f06eaa3ec3eb8cc0ece5ef8463c1
SHA1

cf34fdc070f7984673452f1125f02c1c5c9d0c38
SHA256

0a4552ccceafbdfdc501011972eed6950e55050798a782f1e23dd991d3915044
SHA512

6619eb42055f4ba705747bb623c57e015dc7aacb02ff55dd85c633b907d8438ccaac9ed346df44b3d0731efab4c3095ddc69d28faaf8d3b2c4004cd5d8749780
SSDEEP

768:DReP2EkPdtxDfIzTaQJdCLPbe5J9FCQ/xl5Ivf7b+ECpI/qK+GwubLVDoajkk/QG:DReP2EitxOa8Ce5fDFsPJ/HwubVZF4G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3287f06eaa3ec3eb8cc0ece5ef8463c1_JaffaCakes118

Files

3287f06eaa3ec3eb8cc0ece5ef8463c1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1b16e67cb8ae5a7cd8b3cdc3b7e57761

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\rmsmIsogt\TyDyjkxqvjyq\ubDrhAsh\PgarZXEdyvegnM.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
KeInsertHeadQueue
RtlWriteRegistryValue
RtlFreeUnicodeString
IoGetAttachedDeviceReference
PsLookupProcessByProcessId
MmIsThisAnNtAsSystem
IoGetDiskDeviceObject
ExAllocatePool
IoInitializeTimer
RtlVerifyVersionInfo
CcRemapBcb
KeInitializeTimerEx
ExLocalTimeToSystemTime
IoStartNextPacket
KeInsertQueue
ExInitializeResourceLite
ExSystemTimeToLocalTime
ZwFreeVirtualMemory
KeSetTimerEx
KeClearEvent
KeSetTimer
ExFreePoolWithTag
PoCallDriver
PsGetCurrentThread
PoRegisterSystemState
SeTokenIsRestricted
KeInitializeSpinLock
SePrivilegeCheck
IoMakeAssociatedIrp
RtlxUnicodeStringToAnsiSize
ExVerifySuite
IoIsSystemThread
IoGetDeviceObjectPointer
RtlAnsiStringToUnicodeString
IoCheckShareAccess
CcMdlReadComplete
PoStartNextPowerIrp
IoUpdateShareAccess
RtlCopyLuid
FsRtlCheckLockForReadAccess
MmAdvanceMdl
KeRemoveDeviceQueue
RtlFindClearRuns
IoWMIWriteEvent
RtlDeleteElementGenericTable
KeLeaveCriticalRegion
IoCancelIrp
RtlDowncaseUnicodeString
RtlInitUnicodeString
RtlQueryRegistryValues
PsGetThreadProcessId
ExRaiseDatatypeMisalignment
IoReportDetectedDevice
IoCheckQuotaBufferValidity
PsGetVersion
KeInsertByKeyDeviceQueue
RtlNumberOfClearBits
ExAllocatePoolWithQuota
IoFreeController
ZwSetVolumeInformationFile
IoReleaseVpbSpinLock
RtlDeleteRegistryValue
RtlUpcaseUnicodeString
PoRequestPowerIrp
RtlUpperString
RtlSetBits
ZwMapViewOfSection
IoDeleteController
MmIsDriverVerifying
SeAccessCheck
KeRevertToUserAffinityThread
IofCallDriver
ZwAllocateVirtualMemory
PsLookupThreadByThreadId
IoStartPacket
IoVerifyVolume
KeRemoveQueueDpc
IoGetAttachedDevice
ZwOpenKey
IoWMIRegistrationControl
ExRegisterCallback
PoSetPowerState
FsRtlNotifyUninitializeSync
IoGetRequestorProcessId
FsRtlFastCheckLockForRead
RtlFindLeastSignificantBit
IoRaiseHardError
RtlSetDaclSecurityDescriptor
RtlGetVersion
PsSetLoadImageNotifyRoutine
FsRtlCheckLockForWriteAccess
KeInsertQueueDpc
ZwClose
ObQueryNameString
KeUnstackDetachProcess
FsRtlFastUnlockSingle
MmUnmapLockedPages
ObReferenceObjectByPointer
IoAllocateWorkItem
RtlLengthSid
RtlInitString
RtlUnicodeToMultiByteN
RtlSecondsSince1970ToTime
PsRevertToSelf
KdEnableDebugger
CcIsThereDirtyData
RtlFindLastBackwardRunClear
IoInvalidateDeviceState
KeSetTargetProcessorDpc
RtlRemoveUnicodePrefix
IoGetDeviceInterfaceAlias
IoEnumerateDeviceObjectList
KeStackAttachProcess
CcPinRead
MmUnsecureVirtualMemory
IoSetDeviceInterfaceState
CcCanIWrite
ZwOpenFile
PsGetProcessId
RtlInitializeGenericTable
RtlCreateAcl
IoGetDeviceProperty
ZwOpenProcess
ObMakeTemporaryObject
CcCopyWrite
MmMapLockedPagesSpecifyCache
ZwQueryVolumeInformationFile
CcSetBcbOwnerPointer
WmiQueryTraceInformation
MmSecureVirtualMemory
RtlOemStringToUnicodeString
FsRtlIsHpfsDbcsLegal
PsTerminateSystemThread
PsGetCurrentProcess
KeSetKernelStackSwapEnable
RtlCompareUnicodeString
IoBuildSynchronousFsdRequest
SeSinglePrivilegeCheck
CcUnpinRepinnedBcb
IoCreateSynchronizationEvent
IoSetTopLevelIrp
RtlxOemStringToUnicodeSize
ZwQuerySymbolicLinkObject
ZwSetSecurityObject
KeGetCurrentThread
ExGetExclusiveWaiterCount
IoReadPartitionTable
MmHighestUserAddress
RtlGetCallersAddress
IoGetTopLevelIrp
IoVolumeDeviceToDosName
RtlCopyString
ExAllocatePoolWithQuotaTag
IoSetPartitionInformation
KeSetSystemAffinityThread
IoFreeIrp
KePulseEvent
IoRequestDeviceEject
KeInitializeEvent
ExDeleteNPagedLookasideList
RtlFindClearBitsAndSet
IoThreadToProcess
KeRemoveEntryDeviceQueue
PsGetCurrentThreadId
IoDeviceObjectType
IoGetDeviceInterfaces
SeTokenIsAdmin
PoSetSystemState
RtlEqualString
KeInitializeSemaphore
ObInsertObject
KeReleaseMutex
CcUnpinData
PsChargeProcessPoolQuota
ExUnregisterCallback
IoDeleteSymbolicLink
MmSizeOfMdl
ObOpenObjectByPointer
MmMapUserAddressesToPage
ZwMakeTemporaryObject
IoReleaseRemoveLockEx
RtlInsertUnicodePrefix
RtlAppendStringToString
ZwDeviceIoControlFile
ZwLoadDriver
RtlGetNextRange
KeBugCheck
IoSetDeviceToVerify
MmIsAddressValid
ZwQueryObject
MmUnlockPages
FsRtlSplitLargeMcb
CcMapData
RtlClearAllBits
KeEnterCriticalRegion
IoGetRequestorProcess
MmBuildMdlForNonPagedPool
FsRtlIsTotalDeviceFailure
RtlHashUnicodeString
MmUnmapReservedMapping
RtlTimeToSecondsSince1980
RtlCopyUnicodeString
IoSetStartIoAttributes
HalExamineMBR
RtlAppendUnicodeToString
KeRestoreFloatingPointState
MmFreeMappingAddress
SeAssignSecurity
MmFreeContiguousMemory
IoFreeErrorLogEntry
RtlVolumeDeviceToDosName
SeFilterToken
RtlUpcaseUnicodeChar
ZwQueryValueKey
CcFastCopyRead
ZwCreateEvent
IoStopTimer
MmLockPagableSectionByHandle
RtlSecondsSince1980ToTime
ExReleaseFastMutexUnsafe
IoGetStackLimits
ObReferenceObjectByHandle
RtlUnicodeStringToAnsiString
KdDisableDebugger
IoGetDmaAdapter
ExSetResourceOwnerPointer
ExNotifyCallback
MmUnlockPagableImageSection
RtlCheckRegistryKey
IoSetSystemPartition
ObfReferenceObject
ExGetSharedWaiterCount
RtlInitAnsiString
ExAcquireFastMutexUnsafe
IoDisconnectInterrupt
KeSetBasePriorityThread
RtlDeleteNoSplay
RtlValidSid
KeSetPriorityThread
RtlTimeToSecondsSince1970
ZwOpenSection
CcFlushCache
IoAcquireRemoveLockEx
RtlUpperChar
IoStartTimer
KeInsertDeviceQueue
MmIsVerifierEnabled
IoReuseIrp
RtlCreateSecurityDescriptor
KeInitializeMutex
RtlUnicodeStringToOemString
IoAllocateController
KeInitializeTimer
RtlFreeAnsiString
MmFreePagesFromMdl
IoAllocateAdapterChannel
VerSetConditionMask
KeReadStateMutex
ExCreateCallback
MmPageEntireDriver

Exports

Exports

?HideWindowInfoOld@@YGFPAE~U
?FormatMutexOriginal@@YGPAK_NPAEPAI~U
?PutVersionEx@@YGPAIK~U
?IncrementComponentW@@YGMMPAGIJ~U
?GenerateOptionNew@@YGMFNPAGPAF~U
?OnTimeNew@@YGPAIGPANKPAD~U
?IsNotModuleEx@@YGJGMF~U
?CopyPathExA@@YGMFH~U
?RemoveDataW@@YGDKPAF~U
?CrtText@@YGPANMPAEPAEPAF~U
?ModifyCommandLineExW@@YGEPAEEPA_NH~U
?FreePointerOld@@YGPAXPAHK~U
?DecrementProcess@@YGPAIJ~U
?GlobalDirectoryW@@YGGIHPAD_N~U
?GenerateSystemEx@@YGPANEKD~U
?CallArgumentNew@@YGPAIPAHPAGKM~U
?CloseProcessOld@@YGED~U
?IsValidStateOld@@YGPAIIPAD~U
?PutFolderExW@@YGENDJD~U
?HideArgumentOld@@YGEJNPAKI~U
?FreeStringOriginal@@YGPAGPAMHK~U
?IsValidAppNameOld@@YGMMPADHPAM~U
?DecrementPathNew@@YGGMHPAIPA_N~U
?InsertChar@@YGEH~U
?IsNotStateExA@@YGPAMPAFE~U
?SendStateOld@@YGPAJPAIPAEH~U
?CopyWidthA@@YGPAFM~U
?MonitorExA@@YGXMKDI~U
?OnDirectoryW@@YGPAHPADPAF~U
?MutexA@@YGIFGEN~U
?InsertHeightExA@@YGMDIPANPAE~U
?FindMemoryExA@@YGGHFPAJF~U
?KillDeviceOld@@YGXH~U
?DecrementHeightExW@@YGPAXPAE_N~U
?EnumSectionNew@@YGPAIF~U
?SendSizeOld@@YGPAGHPAMFI~U

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 453B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b16e67cb8ae5a7cd8b3cdc3b7e57761

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 453B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 676B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 453B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 676B