351f26ca804476d766d7de1402da7542_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

351f26ca804476d766d7de1402da7542_JaffaCakes118
Size

159KB
MD5

351f26ca804476d766d7de1402da7542
SHA1

840313bb06c04e2aeff646ea4c4a86899e55efa1
SHA256

4c599365a523aee5cc655d56ecec24c74f6a2d12a8ec21b217804fecb876fc42
SHA512

c79c02e8992e69f8e53efbf17a9a2028d86a424319eceb61a8d1918d759af9d22b1323476b8ac83148e1565c2defc142f7f765eaf472a9dad217ebf80c5079ee
SSDEEP

3072:uoS2Tyyi/qU+2ByG6NC2JBjcln0C2cJaJFs0r9gkJKqDm+TAnBRjvt:zTyZa2BynJ5G0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
351f26ca804476d766d7de1402da7542_JaffaCakes118

Files

351f26ca804476d766d7de1402da7542_JaffaCakes118
.dll windows:5 windows x86 arch:x86

df37be0ce95b6c955cea4e095827f6e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

L:\Jptvlesz\bncshnsJv\tckecWVA\zHCowougDexfr.pdb

Imports

ntoskrnl.exe

RtlCopySid
ObfReferenceObject
RtlNtStatusToDosError
KeReadStateSemaphore
RtlInitializeBitMap
SeAppendPrivileges
KdEnableDebugger
RtlRandom
ObInsertObject
RtlSubAuthoritySid
MmIsVerifierEnabled
KeSetEvent
ZwCreateKey
MmUnlockPages
RtlCreateSecurityDescriptor
KeWaitForMultipleObjects
RtlFreeAnsiString
PsChargeProcessPoolQuota
CcFlushCache
IoInvalidateDeviceRelations
RtlSecondsSince1970ToTime
ZwQueryObject
IoFreeController
RtlGetCallersAddress
PsGetCurrentThreadId
IoAllocateIrp
IoGetDeviceProperty
RtlSetAllBits
MmAllocateNonCachedMemory
KeReleaseSemaphore
KeInitializeTimerEx
IoRequestDeviceEject
IoGetRequestorProcessId
KeRemoveDeviceQueue
ZwWriteFile
PoRequestPowerIrp
IoAllocateWorkItem
ZwQueryVolumeInformationFile
IoReuseIrp
PoStartNextPowerIrp
RtlFindClearBits
ZwCreateDirectoryObject
MmGetSystemRoutineAddress
SeSetSecurityDescriptorInfo
WmiQueryTraceInformation
RtlUnicodeStringToOemString
IoIsOperationSynchronous
ZwSetVolumeInformationFile
RtlUpperChar
RtlAnsiStringToUnicodeString
ZwDeleteKey
KeQuerySystemTime
IoDetachDevice
PsGetProcessId
SeFreePrivileges
MmIsDriverVerifying
KeInsertDeviceQueue
IoGetDeviceObjectPointer
RtlClearBits
ExCreateCallback
IoAcquireRemoveLockEx
IoSetPartitionInformation
KeInsertHeadQueue
IoStartNextPacket
IoGetAttachedDeviceReference
ZwOpenFile
IoUpdateShareAccess
ZwDeviceIoControlFile
SeDeassignSecurity
RtlOemToUnicodeN
RtlFindClearBitsAndSet
PoUnregisterSystemState
KeInitializeApc
ZwOpenSymbolicLinkObject
PoRegisterSystemState
IoCreateSymbolicLink
ExSystemTimeToLocalTime
CcCanIWrite
CcFastCopyWrite
FsRtlDeregisterUncProvider
RtlSetBits
SeTokenIsRestricted
IoGetRequestorProcess
ExIsProcessorFeaturePresent
RtlUpperString
IoGetDeviceInterfaceAlias
KeRemoveQueueDpc
RtlCreateRegistryKey
RtlSetDaclSecurityDescriptor
CcUnpinDataForThread
RtlLengthSecurityDescriptor
MmUnmapReservedMapping
KeRemoveEntryDeviceQueue
IoReleaseVpbSpinLock
FsRtlCheckLockForWriteAccess
MmProbeAndLockPages
RtlCompareUnicodeString
ProbeForRead
FsRtlNotifyUninitializeSync
IoReadPartitionTableEx
RtlUpcaseUnicodeChar
IoReleaseRemoveLockEx
CcDeferWrite
RtlAppendStringToString
SeCaptureSubjectContext
CcInitializeCacheMap
SeQueryAuthenticationIdToken
PsSetLoadImageNotifyRoutine
RtlFindLeastSignificantBit
DbgPrompt
FsRtlCheckLockForReadAccess
MmMapIoSpace
ExDeletePagedLookasideList
IoGetBootDiskInformation
MmAdvanceMdl
RtlTimeToSecondsSince1980
ZwOpenSection
PsIsThreadTerminating
ExAllocatePool
IoReadPartitionTable
IoSetShareAccess
RtlTimeFieldsToTime
MmMapLockedPages
VerSetConditionMask
ExGetExclusiveWaiterCount
KeRevertToUserAffinityThread
ZwCreateSection
SeDeleteObjectAuditAlarm
IoInvalidateDeviceState
ExSetTimerResolution
SeAssignSecurity
IoOpenDeviceRegistryKey
CcRemapBcb
RtlStringFromGUID
ExQueueWorkItem
CcPurgeCacheSection
SeValidSecurityDescriptor
MmCanFileBeTruncated
ExVerifySuite
SeCreateClientSecurity
ZwDeleteValueKey
RtlVerifyVersionInfo
KeSetKernelStackSwapEnable
KeBugCheck
RtlExtendedIntegerMultiply
MmGetPhysicalAddress
PsReturnPoolQuota
IoRegisterFileSystem
RtlQueryRegistryValues
IoGetStackLimits
KeResetEvent
PsGetCurrentThread
MmSecureVirtualMemory
RtlNumberOfClearBits
IoInitializeIrp
MmForceSectionClosed
RtlFindNextForwardRunClear
IoReadDiskSignature
MmFreeNonCachedMemory
RtlCreateUnicodeString
ZwSetSecurityObject
FsRtlFastCheckLockForRead
PsGetVersion
ZwPowerInformation
RtlCreateAcl
MmFlushImageSection
FsRtlAllocateFileLock
ExAcquireResourceSharedLite
IoCheckShareAccess
CcRepinBcb
RtlWriteRegistryValue
PsLookupProcessByProcessId
KeInsertQueueDpc
RtlFindClearRuns
RtlInitString
RtlFindMostSignificantBit
IoGetDeviceAttachmentBaseRef
IoReleaseCancelSpinLock
KefAcquireSpinLockAtDpcLevel
RtlLengthSid
ZwMapViewOfSection
SeQueryInformationToken
ZwSetValueKey
IoSetStartIoAttributes
IoQueryFileDosDeviceName
RtlFreeUnicodeString
SeAccessCheck
ExRaiseStatus
ExUuidCreate
RtlEnumerateGenericTable
IoSetDeviceInterfaceState
ObMakeTemporaryObject
RtlInitAnsiString
CcMapData
DbgBreakPoint
IoCreateStreamFileObject
KeSetSystemAffinityThread
KeRemoveByKeyDeviceQueue
KeDelayExecutionThread
ExRaiseAccessViolation
RtlVolumeDeviceToDosName
RtlUnicodeStringToAnsiString
RtlAddAccessAllowedAceEx
MmUnmapLockedPages
IoCreateSynchronizationEvent
FsRtlMdlWriteCompleteDev
ExInitializeResourceLite
MmAllocateContiguousMemory
ExDeleteNPagedLookasideList
MmIsThisAnNtAsSystem
RtlFindSetBits
RtlFindLastBackwardRunClear
RtlSecondsSince1980ToTime
ZwClose
KeRemoveQueue
MmAllocateMappingAddress
ExReleaseResourceLite
PsDereferencePrimaryToken
RtlSplay
FsRtlGetNextFileLock
IoSetHardErrorOrVerifyDevice
RtlUnicodeStringToInteger
KeDetachProcess
RtlCharToInteger
IoThreadToProcess
KeEnterCriticalRegion
RtlDowncaseUnicodeString
RtlValidSid
KdDisableDebugger
ExGetSharedWaiterCount
ZwQueryValueKey
CcCopyRead
IoVerifyPartitionTable
IoReleaseRemoveLockAndWaitEx
ZwCreateEvent
ExLocalTimeToSystemTime
MmLockPagableSectionByHandle
KeQueryTimeIncrement
RtlCopyUnicodeString
ExGetPreviousMode
RtlCompareMemory
SeFilterToken
KeSetTimer
SeReleaseSubjectContext
RtlValidSecurityDescriptor
RtlMapGenericMask
CcCopyWrite
SeLockSubjectContext
MmMapLockedPagesSpecifyCache
RtlTimeToTimeFields
IoMakeAssociatedIrp
MmFreeMappingAddress
ObReferenceObjectByPointer
KeQueryActiveProcessors
ExSetResourceOwnerPointer
IoQueryDeviceDescription
ExDeleteResourceLite
CcUnpinData
KeReleaseMutex
IoIsWdmVersionAvailable

Exports

Exports

?EnumMutantNew@@YG_NPAKPAF&U
?AddEventOriginal@@YGIKJH&U
?SendListExW@@YGPAKNPA_NJPAH&U
?IsNotDirectory@@YGXHPAI&U
?CrtOptionA@@YGDKFN&U
?RtlMonitorExA@@YGPAMM&U
?FreeSystemOld@@YGPAKE&U
?GlobalProviderA@@YGGM&U
?InsertKeyboardEx@@YGPA_NGMPAN&U
?HideHeightA@@YGKPAHGNF&U
?InstallMessage@@YGH_NKHF&U
?PutTimerEx@@YGDH&U
?CopySectionOld@@YGJPAIM&U
?FreeMediaTypeA@@YGGPAGMDE&U
?IsValidCharA@@YGGFJ&U
?CopyCharOld@@YGPAMPANPAKPA_NM&U
?IncrementDialogOriginal@@YGXE&U
?ModifyMutexOriginal@@YGNH&U
?FormatNameOld@@YGXFPAJM&U
?AddFilePathA@@YGIKNPAG&U
?MemoryOld@@YGPAHJPAGDM&U
?KillScreen@@YGGDJD&U
?CrtTimeExW@@YGPAIPADPAIJI&U
?IsValidProject@@YGXFPADI&U
?CrtKeyNameOriginal@@YGJHMKPAG&U
?CallConfigW@@YGFKMIH&U
?InstallAppNameEx@@YGND&U
?RemoveEventExW@@YGPADIPAKJ&U
?IsNotExpressionA@@YGI_NGPAKPA_N&U
?FindConfigA@@YGGHDI&U
?GenerateFolderExA@@YGPAKHD&U
?DecrementTimeOld@@YGI_NK&U
?ValidateMonitorNew@@YGJPAD&U
?LoadProfileOld@@YGPAXKK&U
?ModifyMediaTypeExW@@YGGK_NJ&U
?PutWindowInfoA@@YGIPA_NI&U
?IsWindowEx@@YGEHENPAJ&U
?GenerateRectEx@@YG_NPAK&U

Sections

.text
Size: 29KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 765B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df37be0ce95b6c955cea4e095827f6e7

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 53KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 765B

.data Size: 35KB - Virtual size: 34KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 672B

.text
Size: 29KB - Virtual size: 53KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 765B

.data
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 672B