357c68ce090433598534081a42cdcee5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

357c68ce090433598534081a42cdcee5_JaffaCakes118
Size

290KB
MD5

357c68ce090433598534081a42cdcee5
SHA1

6e5b68b528bbd1a3e7cfdea767910f553c6ff25f
SHA256

6fd1f26b80fa164a633281f749c30b1cc9d4f9119fd58823776dc41e8655ade4
SHA512

c2e09b5e4161ce3179cd9c4830158bb9663203f47411f9c048f7f4d8d2d572741851116fa16eea1525b41afa2ebc34644b202074f7f565d7f111c9984bd97062
SSDEEP

6144:yCZ0mjO1z7dRi1aMjUe+yD9rkgtHmObGYQqq4Xc:yCJO1z2aKx+Wo7q9c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
357c68ce090433598534081a42cdcee5_JaffaCakes118

Files

357c68ce090433598534081a42cdcee5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

93b53ff2d6084296a08caf48cc557f15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\DncmJMzsa\BfeEtyIVq\JHorWlbvm\RmPXsqypxp.pdb

Imports

ntoskrnl.exe

IoCreateFile
PsDereferencePrimaryToken
ZwCreateKey
IoGetStackLimits
ZwDeviceIoControlFile
CcSetDirtyPinnedData
IoCreateStreamFileObjectLite
IoGetCurrentProcess
RtlMapGenericMask
CcZeroData
SeAccessCheck
ExAllocatePool
IoAllocateMdl
IoReportDetectedDevice
KeSetTargetProcessorDpc
SePrivilegeCheck
MmAdvanceMdl
MmLockPagableDataSection
HalExamineMBR
CcUnpinData
RtlFreeUnicodeString
ZwQueryValueKey
KeInsertDeviceQueue
MmFreeNonCachedMemory
RtlGetNextRange
ExGetPreviousMode
IoSetHardErrorOrVerifyDevice
MmUnmapReservedMapping
PsSetLoadImageNotifyRoutine
ZwFsControlFile
RtlSecondsSince1970ToTime
FsRtlSplitLargeMcb
IoBuildSynchronousFsdRequest
IoRemoveShareAccess
IoGetTopLevelIrp
RtlTimeToTimeFields
IoGetDeviceToVerify
CcMdlReadComplete
RtlAnsiCharToUnicodeChar
ZwQueryKey
ZwQueryObject
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
ZwFreeVirtualMemory
RtlTimeToSecondsSince1980
KeEnterCriticalRegion
MmFlushImageSection
RtlCompareMemory
RtlClearAllBits
ExReinitializeResourceLite
ExFreePool
ZwWriteFile
RtlQueryRegistryValues
RtlOemStringToUnicodeString
PsChargeProcessPoolQuota
RtlCopyUnicodeString
FsRtlMdlWriteCompleteDev
FsRtlLookupLastLargeMcbEntry
RtlEqualString
MmForceSectionClosed
IoIsWdmVersionAvailable
KeRemoveQueueDpc
ExRaiseAccessViolation
FsRtlNotifyUninitializeSync
CcUnpinDataForThread
KeSetEvent
IoGetDeviceInterfaceAlias
MmResetDriverPaging
PsRevertToSelf
KeUnstackDetachProcess
CcFastMdlReadWait
RtlUnicodeToMultiByteN
RtlUpperString
SeQueryInformationToken
ExGetSharedWaiterCount
MmIsThisAnNtAsSystem
RtlWriteRegistryValue
IoCreateSymbolicLink
IoGetBootDiskInformation
IoDeviceObjectType
IoCancelIrp
RtlInitString
PoSetSystemState
RtlEqualUnicodeString
CcPinMappedData
MmSecureVirtualMemory
RtlRemoveUnicodePrefix
IoUnregisterFileSystem
ExAcquireFastMutexUnsafe
KeInitializeDeviceQueue
IoGetDriverObjectExtension
IoReleaseVpbSpinLock
IoSetDeviceToVerify
ExRaiseStatus
IoIsSystemThread
PoRegisterSystemState
KeQueryInterruptTime
RtlFindLastBackwardRunClear
ZwOpenSymbolicLinkObject
IoRegisterFileSystem
RtlUnicodeStringToAnsiString
KeSetImportanceDpc
IoGetLowerDeviceObject
SeValidSecurityDescriptor
MmIsAddressValid
IoSetTopLevelIrp
RtlxUnicodeStringToAnsiSize
CcPinRead
RtlTimeToSecondsSince1970
IoCreateDisk
ExQueueWorkItem
IoAllocateWorkItem
KeRemoveEntryDeviceQueue
MmAllocateMappingAddress
RtlFillMemoryUlong
MmBuildMdlForNonPagedPool
KeSynchronizeExecution
KeReadStateEvent
RtlLengthRequiredSid
KeQueryTimeIncrement
MmGetPhysicalAddress
ExAllocatePoolWithQuotaTag
IofCompleteRequest
KeWaitForMultipleObjects
IoGetRequestorProcess
ExDeleteNPagedLookasideList
WmiQueryTraceInformation
IoInitializeRemoveLockEx
IoGetDeviceInterfaces
KdEnableDebugger
IoRaiseHardError
RtlAreBitsSet
RtlLengthSid
FsRtlIsNameInExpression
SeLockSubjectContext
ZwEnumerateKey
PsGetVersion
ExAcquireResourceSharedLite
RtlCopySid
RtlUnicodeStringToInteger
MmIsDriverVerifying
CcMapData
RtlFindClearBitsAndSet
ObQueryNameString
RtlFindLongestRunClear
ExDeletePagedLookasideList
IoConnectInterrupt
KeClearEvent
KefAcquireSpinLockAtDpcLevel
ZwNotifyChangeKey
RtlSetAllBits
SeFreePrivileges
ExIsProcessorFeaturePresent
RtlSetDaclSecurityDescriptor
FsRtlIsHpfsDbcsLegal
KeSetKernelStackSwapEnable
MmUnmapIoSpace
IoCheckQuotaBufferValidity
PsTerminateSystemThread
RtlDowncaseUnicodeString
RtlValidSecurityDescriptor
ZwSetVolumeInformationFile
RtlEqualSid
CcFlushCache
IoGetAttachedDevice
IoAcquireCancelSpinLock
PsLookupThreadByThreadId
DbgBreakPoint
MmMapUserAddressesToPage
IoAllocateController
IoSetSystemPartition
RtlClearBits
IoWMIWriteEvent
IoSetStartIoAttributes
ObCreateObject
IoDeleteSymbolicLink
RtlAddAccessAllowedAceEx
SeSetSecurityDescriptorInfo
IoCsqRemoveIrp
IoReadPartitionTableEx
MmFreeMappingAddress
IoFreeMdl
IoSetDeviceInterfaceState
ZwQueryVolumeInformationFile
RtlInitializeGenericTable
CcMdlRead
ObMakeTemporaryObject
IoDeleteDevice
IoCreateStreamFileObject
PoRequestPowerIrp
IoStartPacket
RtlCreateUnicodeString
RtlMultiByteToUnicodeN
MmMapLockedPages
ExUuidCreate
ExReleaseResourceLite
ProbeForWrite
IoCreateSynchronizationEvent
IoWMIRegistrationControl
DbgBreakPointWithStatus
PsCreateSystemThread
PoUnregisterSystemState
ExInitializeResourceLite
PsReturnPoolQuota
PsGetProcessId
MmAllocatePagesForMdl
ObOpenObjectByPointer
PsIsThreadTerminating
RtlVerifyVersionInfo
IoOpenDeviceRegistryKey
VerSetConditionMask
PoSetPowerState
RtlSplay
ZwUnloadDriver
PsGetThreadProcessId
IoFreeErrorLogEntry
PoStartNextPowerIrp
KeRestoreFloatingPointState
KeCancelTimer
IoRegisterDeviceInterface
KeGetCurrentThread
PsImpersonateClient
SeUnlockSubjectContext
SeTokenIsRestricted
RtlCopyString
IoGetDeviceAttachmentBaseRef
IoQueryFileInformation
SeCreateClientSecurity
RtlCheckRegistryKey
ZwQuerySymbolicLinkObject
RtlUpcaseUnicodeToOemN
IoVerifyVolume
KeRemoveByKeyDeviceQueue
RtlFreeAnsiString
IoGetRelatedDeviceObject
MmSetAddressRangeModified
CcRepinBcb
ExLocalTimeToSystemTime
RtlCompareString
RtlCreateSecurityDescriptor
RtlInitAnsiString
CcFastCopyWrite
FsRtlFastCheckLockForRead
DbgPrompt
RtlAddAccessAllowedAce
IoDeleteController
SeAppendPrivileges
PsGetCurrentThreadId
KeInitializeSpinLock
IoCheckShareAccess
CcCopyRead
ZwCreateFile
CcPurgeCacheSection
KeQueryActiveProcessors
RtlPrefixUnicodeString
IoFreeWorkItem
CcGetFileObjectFromBcb
KeLeaveCriticalRegion
CcCanIWrite
MmUnlockPages
FsRtlIsDbcsInExpression
ObfReferenceObject
IoBuildPartialMdl

Exports

Exports

?AddFilePathA@@IJG_NKN@X

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93b53ff2d6084296a08caf48cc557f15

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 40KB - Virtual size: 39KB

.init Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 508B

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 40KB - Virtual size: 39KB

.init
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 508B