35c0ec139fefde045e1654abd7615799_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35c0ec139fefde045e1654abd7615799_JaffaCakes118
Size

183KB
MD5

35c0ec139fefde045e1654abd7615799
SHA1

a667e7ef49aa7808e101bd41aa7b50c02f7ad9d4
SHA256

ff96ffe5ecd49c94f277ae8c770d477c3a8a00edcbb2e66bd307ddaee57581c5
SHA512

81941443992d7520efd1c80aaf1bb25a9719ce231aa22850f4624eb4c757bef8f3fc110b93cdead7ed11c6ec605faab94d42a8fca9858d5760c76a0b629b95e8
SSDEEP

3072:O9q/DSNACEH9VNKT7uVW0egfexWlyK4yOTFO+HLJJedbVTQiJTfZl:6qbqwney4gACyZTFOELDqTJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35c0ec139fefde045e1654abd7615799_JaffaCakes118

Files

35c0ec139fefde045e1654abd7615799_JaffaCakes118
.dll windows:5 windows x86 arch:x86

880d9c9d9a282dfbe49a31cac9053859

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\SqKoFdDq\IhcrmwuD\ejmdjrx\gUFQbwg.pdb

Imports

ntoskrnl.exe

ZwOpenProcess
MmUnlockPages
IoRegisterFileSystem
PsTerminateSystemThread
KeInitializeApc
IoThreadToProcess
KeRestoreFloatingPointState
IoUnregisterFileSystem
ExAcquireResourceSharedLite
MmIsVerifierEnabled
IoReadPartitionTable
IoWMIWriteEvent
CcMapData
ProbeForRead
FsRtlIsDbcsInExpression
IoFreeIrp
ObCreateObject
ZwSetVolumeInformationFile
MmProbeAndLockProcessPages
IoCreateSynchronizationEvent
FsRtlFreeFileLock
IoVolumeDeviceToDosName
IoGetStackLimits
KeBugCheckEx
ExGetExclusiveWaiterCount
PsGetThreadProcessId
IoGetDriverObjectExtension
IoConnectInterrupt
RtlRandom
KeInitializeTimerEx
KeQueryActiveProcessors
IoDisconnectInterrupt
IoGetDmaAdapter
ZwFlushKey
RtlDeleteRegistryValue
KeAttachProcess
PsSetLoadImageNotifyRoutine
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ExFreePool
SeAppendPrivileges
RtlOemStringToUnicodeString
IoSetTopLevelIrp
IoAllocateController
KeReleaseSemaphore
MmFreeContiguousMemory
FsRtlIsNameInExpression
KdDisableDebugger
IoUpdateShareAccess
IoCsqRemoveIrp
IoInvalidateDeviceState
IoOpenDeviceRegistryKey
KeDeregisterBugCheckCallback
RtlQueryRegistryValues
FsRtlAllocateFileLock
IoReleaseRemoveLockEx
IoWritePartitionTableEx
IoInvalidateDeviceRelations
RtlAreBitsSet
RtlPrefixUnicodeString
RtlTimeFieldsToTime
IoBuildPartialMdl
ZwWriteFile
RtlCreateAcl
RtlSetBits
ZwQueryKey
IoSetDeviceInterfaceState
CcFastCopyWrite
IoCreateDevice
MmAddVerifierThunks
IoInitializeIrp
MmLockPagableSectionByHandle
MmHighestUserAddress
CcSetDirtyPinnedData
MmUnmapReservedMapping
CcIsThereDirtyData
IoDeviceObjectType
KeRemoveEntryDeviceQueue
FsRtlMdlWriteCompleteDev
IoBuildSynchronousFsdRequest
MmAllocateMappingAddress
PoCallDriver
IoAcquireCancelSpinLock
FsRtlFastCheckLockForRead
ObQueryNameString
RtlAppendStringToString
SeUnlockSubjectContext
ZwQueryValueKey
ExRaiseAccessViolation
IoQueryDeviceDescription
SeSinglePrivilegeCheck
MmMapLockedPagesSpecifyCache
RtlGetNextRange
VerSetConditionMask
RtlCheckRegistryKey
IoRegisterDeviceInterface
ExAcquireFastMutexUnsafe
KeInsertQueue
ObReferenceObjectByPointer
ZwReadFile
KeRemoveQueue
ZwSetValueKey
MmGetSystemRoutineAddress
MmAllocateContiguousMemory
RtlFindNextForwardRunClear
SeReleaseSubjectContext
SeQueryInformationToken
IoFreeWorkItem
ZwDeleteKey
IoGetRequestorProcess
SeOpenObjectAuditAlarm
RtlCreateSecurityDescriptor
RtlDeleteElementGenericTable
ExSetTimerResolution
MmSetAddressRangeModified
IoGetDeviceToVerify
RtlxOemStringToUnicodeSize
RtlLengthRequiredSid
IoAllocateErrorLogEntry
KeLeaveCriticalRegion
KeStackAttachProcess
SeFilterToken
CcMdlWriteAbort
KeSetTimer
KePulseEvent
SeCreateClientSecurity
IoIsOperationSynchronous
ZwEnumerateValueKey
RtlSubAuthoritySid
CcZeroData
RtlUpcaseUnicodeString
KeInitializeMutex
ObGetObjectSecurity
RtlVolumeDeviceToDosName
IoMakeAssociatedIrp
CcUnpinRepinnedBcb
IoGetRequestorProcessId
ObReferenceObjectByHandle
MmUnlockPagableImageSection
PsGetVersion
RtlxAnsiStringToUnicodeSize
CcMdlRead
ExAllocatePoolWithQuotaTag
ObMakeTemporaryObject
PoStartNextPowerIrp
ZwOpenSymbolicLinkObject
IoSetDeviceToVerify
SeAssignSecurity
RtlInitUnicodeString
ExAllocatePoolWithQuota
IoInitializeTimer
FsRtlIsTotalDeviceFailure
KeRemoveDeviceQueue
IoSetStartIoAttributes
CcCopyWrite
ExAllocatePoolWithTag
PsReturnPoolQuota
ZwLoadDriver
KeSetTargetProcessorDpc
PsIsThreadTerminating
FsRtlIsHpfsDbcsLegal
IoIsSystemThread
RtlDelete
RtlFindLongestRunClear
PsGetCurrentThreadId
RtlAreBitsClear
CcPreparePinWrite
CcPinRead
IoVerifyVolume
RtlWriteRegistryValue
RtlUpcaseUnicodeChar
ExRaiseStatus
KeClearEvent
PsGetCurrentProcess
MmBuildMdlForNonPagedPool
ExFreePoolWithTag
IoQueryFileInformation
RtlNtStatusToDosError
KeQuerySystemTime
ExVerifySuite
MmAllocatePagesForMdl
KeInitializeQueue
RtlIntegerToUnicodeString
ZwPowerInformation
KeInsertQueueDpc
RtlFreeAnsiString
ZwCreateEvent
MmForceSectionClosed
FsRtlGetNextFileLock
IoDeleteSymbolicLink
RtlTimeToSecondsSince1980
RtlTimeToSecondsSince1970
IoCreateDisk
RtlxUnicodeStringToAnsiSize
IoGetDeviceInterfaceAlias
IoDetachDevice
RtlCreateRegistryKey
PsLookupProcessByProcessId
KeWaitForSingleObject
RtlCopyString
ZwFsControlFile
IoGetCurrentProcess
ExSetResourceOwnerPointer
KeWaitForMultipleObjects
IoFreeMdl
ExQueueWorkItem
FsRtlFastUnlockSingle
PsCreateSystemThread
MmIsDriverVerifying
FsRtlCheckLockForWriteAccess
IoCreateSymbolicLink
IoStartPacket
RtlUnicodeToMultiByteN
KeUnstackDetachProcess
ZwQueryVolumeInformationFile
ExUuidCreate
IoDeleteDevice
ExDeletePagedLookasideList
KeDetachProcess
ZwNotifyChangeKey
CcPurgeCacheSection
KeSetImportanceDpc
IoReleaseVpbSpinLock
IoCreateFile
KeInitializeDpc
KeInsertDeviceQueue
RtlCompareUnicodeString
RtlInitString
IoAcquireVpbSpinLock
ExSystemTimeToLocalTime
KeSaveFloatingPointState
MmAllocateNonCachedMemory
MmUnsecureVirtualMemory
RtlInitializeSid
ExCreateCallback
RtlClearBits
CcCanIWrite
KeSetTimerEx
RtlInt64ToUnicodeString
ExLocalTimeToSystemTime
RtlMapGenericMask
CcUninitializeCacheMap
IoGetDeviceObjectPointer
IoGetTopLevelIrp
RtlValidSid
IoRaiseHardError
MmProbeAndLockPages
RtlUnicodeStringToAnsiString
IoCreateStreamFileObjectLite
RtlIsNameLegalDOS8Dot3
CcUnpinData
SePrivilegeCheck
CcInitializeCacheMap
RtlUpperString
ExAllocatePool

Exports

Exports

?AddMediaTypeA@@YGGPAKJH~U
?GlobalTimerOld@@YGPAKPAKPAHJPAF~U
?ShowScreenExW@@YGDFPAJ~U
?IsValidHeightOld@@YGXPAJPADD~U
?CancelDialog@@YGXI~U
?EnumScreenA@@YGNPAHM~U
?OnTaskA@@YGXG_N~U
?SetConfigOld@@YGMFD~U
?GenerateProviderNew@@YGMHHPAID~U
?CrtAnchorA@@YGX_NGFE~U
?InsertThreadOld@@YGFNPAG~U
?EnumScreenOld@@YGKFMD~U
?KillKeyboardA@@YGEPANPANPAKD~U
?FindFolderExA@@YGKFPAEMPAF~U
?DeleteArgumentW@@YGIEPAMPAK_N~U
?OnProcessNew@@YGFED~U
?FreeProvider@@YGPADND~U
?SendSemaphoreExW@@YGPADHJ~U
?RtlState@@YGXEJKK~U
?SetMutexW@@YGNHMF~U
?IsDialogNew@@YGPAXJPA_N~U
?CloseName@@YGPAIPA_NE~U
?SendAnchorEx@@YGPAMPAH~U
?FindOption@@YGPAXHDG~U
?IsValidDeviceEx@@YGD_NEPAN~U
?HideDirectoryW@@YGDMH~U
?GlobalObjectOld@@YGPAKKK~U
?DeleteWidthW@@YGH_N~U
?InsertHeightExA@@YG_NPAJ~U
?CancelWindowExW@@YGXPAJ~U
?CrtTextExA@@YGJM~U
?RtlOptionExA@@YGFHDPAFI~U
?CopyOptionOld@@YGKPAH_NPAG~U

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

880d9c9d9a282dfbe49a31cac9053859

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1024B - Virtual size: 1024B

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 274B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 676B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1024B - Virtual size: 1024B

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 274B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 676B