36110e9f5ed07ac2df932322f0238d06_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36110e9f5ed07ac2df932322f0238d06_JaffaCakes118
Size

135KB
MD5

36110e9f5ed07ac2df932322f0238d06
SHA1

d4fe4cb3c0dcac5744087e075e542a417c034871
SHA256

58e99a36518aab1393da169dab8de9ae6afe86e8e831269fc1d880ac959bc7a5
SHA512

768bf89338fd4b02a9840c7b5499d12fbab1422ed21b8bd3e8b8db0d0a8ade6959851f6f1a14542582e82ea917bb9de73ddf0d27d8c39420e58cb253ee038b13
SSDEEP

3072:E6qj0gOJSyeH9V4jUgmXs7M49f0FvlyHvpkXGSCk+RgNJJI:iWJZ6n45Ks7MUfAyHBFSb+RwJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36110e9f5ed07ac2df932322f0238d06_JaffaCakes118

Files

36110e9f5ed07ac2df932322f0238d06_JaffaCakes118
.dll windows:5 windows x86 arch:x86

01ef7c29bd3004e31b1bd396a47d6fb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\plRrgxzsbl\EqcSbHgGixL\obBFhffXGemrrg\lfrbUxkepcLzpg.pdb

Imports

ntoskrnl.exe

IoStartTimer
RtlGUIDFromString
IoGetTopLevelIrp
IoCreateDisk
RtlUnicodeToOemN
RtlTimeFieldsToTime
RtlWriteRegistryValue
IoFreeErrorLogEntry
SeValidSecurityDescriptor
ZwQueryInformationFile
IoEnumerateDeviceObjectList
CcRemapBcb
KeInitializeDeviceQueue
IoRequestDeviceEject
RtlSetDaclSecurityDescriptor
IoDeleteController
KeInitializeSemaphore
CcCopyRead
FsRtlNotifyInitializeSync
IoSetHardErrorOrVerifyDevice
RtlCopyString
ZwDeviceIoControlFile
IoCheckQuotaBufferValidity
KeSetTimerEx
SeAccessCheck
RtlFillMemoryUlong
RtlUnicodeStringToAnsiString
ExGetExclusiveWaiterCount
FsRtlFastCheckLockForRead
IoRegisterFileSystem
KeCancelTimer
ExAllocatePool
MmSecureVirtualMemory
IoInitializeIrp
RtlTimeToTimeFields
ZwQueryVolumeInformationFile
RtlDowncaseUnicodeString
ZwClose
MmFreeMappingAddress
RtlTimeToSecondsSince1970
PsLookupThreadByThreadId
FsRtlMdlWriteCompleteDev
KeGetCurrentThread
KeSetBasePriorityThread
MmBuildMdlForNonPagedPool
IoVerifyVolume
IoSetShareAccess
KeSetTimer
IoStartNextPacket
IoWMIRegistrationControl
SeCaptureSubjectContext
ExRaiseAccessViolation
ExReinitializeResourceLite
ZwFsControlFile
PoSetSystemState
IoVerifyPartitionTable
CcIsThereDirtyData
KefAcquireSpinLockAtDpcLevel
MmUnmapIoSpace
IoThreadToProcess
IoCreateDevice
ProbeForRead
IoDeviceObjectType
KeSetEvent
MmAllocateMappingAddress
KeInitializeMutex
IoQueryFileDosDeviceName
RtlCreateSecurityDescriptor
RtlLengthRequiredSid
MmAllocatePagesForMdl
MmQuerySystemSize
ZwMapViewOfSection
MmIsAddressValid
ZwCreateEvent
IoGetDeviceObjectPointer
ZwCreateKey
IoCsqRemoveIrp
RtlEnumerateGenericTable
WmiQueryTraceInformation
ZwCreateFile
CcUnpinData
ObReferenceObjectByPointer
RtlTimeToSecondsSince1980
PoRequestPowerIrp
KeSaveFloatingPointState
IoInvalidateDeviceState
RtlDeleteRegistryValue
KeInitializeTimerEx
KeDelayExecutionThread
IoCreateSynchronizationEvent
ExSystemTimeToLocalTime
KeEnterCriticalRegion
SeImpersonateClientEx
ZwQueryKey
RtlCompareUnicodeString
RtlxUnicodeStringToAnsiSize
CcUnpinDataForThread
SeSinglePrivilegeCheck
ZwDeleteValueKey
CcFastCopyWrite
IoAllocateMdl
KeRegisterBugCheckCallback
CcFastMdlReadWait
RtlHashUnicodeString
ZwNotifyChangeKey
ExDeleteResourceLite
RtlUnicodeStringToOemString
RtlLengthSid
KeRemoveByKeyDeviceQueue
RtlDeleteElementGenericTable
ExGetSharedWaiterCount
KeInsertQueueDpc
ZwOpenSection
SeDeassignSecurity
RtlCreateRegistryKey
DbgBreakPoint
IoWritePartitionTableEx
IoAcquireCancelSpinLock
MmMapIoSpace
IoIsOperationSynchronous
KeBugCheck
ZwOpenKey
RtlMapGenericMask
VerSetConditionMask
RtlFindLongestRunClear
PsGetCurrentThread
ExLocalTimeToSystemTime
ObGetObjectSecurity
ObReleaseObjectSecurity
KeReadStateEvent
IoWriteErrorLogEntry
ExSetTimerResolution
FsRtlFastUnlockSingle
RtlIsNameLegalDOS8Dot3
KeInsertByKeyDeviceQueue
RtlInitializeUnicodePrefix
SeSetSecurityDescriptorInfo
CcPurgeCacheSection
IoCheckShareAccess
KeReadStateMutex
MmGetSystemRoutineAddress
KeInsertQueue
RtlAddAccessAllowedAceEx
ZwFreeVirtualMemory
SePrivilegeCheck
PoSetPowerState
RtlAnsiCharToUnicodeChar
PsGetCurrentThreadId
MmUnsecureVirtualMemory
HalExamineMBR
KdEnableDebugger
ZwQuerySymbolicLinkObject
ZwEnumerateKey
ZwSetSecurityObject
IoAllocateErrorLogEntry
IoSetPartitionInformation
RtlGetCallersAddress
RtlUpcaseUnicodeToOemN
ZwSetValueKey
CcMdlRead
ObOpenObjectByPointer
IoSetDeviceInterfaceState
SeQueryAuthenticationIdToken
IoStopTimer
IoGetRequestorProcessId
ObReferenceObjectByHandle
ObInsertObject
KeInitializeApc
IoFreeMdl
KeRemoveEntryDeviceQueue
MmAllocateContiguousMemory
IoSetPartitionInformationEx
IoReportResourceForDetection
RtlFindClearBitsAndSet
RtlCompareString
PsReturnPoolQuota
IoGetDeviceInterfaceAlias
MmFreePagesFromMdl
MmAllocateNonCachedMemory
IoWMIWriteEvent
KeRevertToUserAffinityThread
ObfDereferenceObject
RtlSplay
MmMapLockedPagesSpecifyCache
IoRemoveShareAccess
SeFilterToken
ExVerifySuite
ExUuidCreate
KeSetImportanceDpc
IoGetRelatedDeviceObject
IoUnregisterFileSystem
IoDisconnectInterrupt
PsChargeProcessPoolQuota
ZwAllocateVirtualMemory
IoReadPartitionTable
RtlUpcaseUnicodeString
IoCreateStreamFileObjectLite
IoQueryFileInformation
ExRaiseStatus
KeInitializeTimer
KeReadStateTimer
MmUnlockPagableImageSection
IoConnectInterrupt
FsRtlCheckLockForWriteAccess
IofCompleteRequest
IofCallDriver
IoCancelIrp
ExRaiseDatatypeMisalignment
ZwWriteFile
RtlxAnsiStringToUnicodeSize
SeTokenIsAdmin
RtlAreBitsSet
FsRtlIsDbcsInExpression
IoIsWdmVersionAvailable
RtlFindNextForwardRunClear
RtlStringFromGUID
CcMdlReadComplete
IoReuseIrp
ExAllocatePoolWithQuotaTag
RtlQueryRegistryValues
SeDeleteObjectAuditAlarm
RtlFindClearRuns
RtlValidSecurityDescriptor
KeSetKernelStackSwapEnable
PsCreateSystemThread
CcFastCopyRead
KeInitializeSpinLock
CcPreparePinWrite
MmMapUserAddressesToPage
ExGetPreviousMode
RtlFreeOemString
IoGetAttachedDeviceReference
IoAllocateIrp
KeFlushQueuedDpcs
ZwReadFile
CcGetFileObjectFromBcb
IoGetAttachedDevice
MmIsVerifierEnabled
RtlDeleteNoSplay
MmProbeAndLockProcessPages
RtlAppendStringToString
IoCreateFile
KeRundownQueue
KeSetTargetProcessorDpc
MmFlushImageSection
RtlInitAnsiString
KeReleaseSemaphore
ExSetResourceOwnerPointer
RtlFindUnicodePrefix
PsGetThreadProcessId
IoAllocateAdapterChannel
CcSetFileSizes
MmForceSectionClosed
RtlSetAllBits
CcZeroData
ExNotifyCallback
IoReleaseVpbSpinLock
FsRtlCheckLockForReadAccess
MmProbeAndLockPages
RtlUpcaseUnicodeChar
PsLookupProcessByProcessId
PsIsThreadTerminating

Exports

Exports

?IsProviderA@@YGXKPAHH~U
?CancelMutexEx@@YGPAJPAK~U
?ShowModuleOriginal@@YGE_N~U
?KillThread@@YGFM~U
?RemoveAppNameNew@@YGXJE~U
?CallFilePathEx@@YGPAXFH~U
?DecrementKeyboardNew@@YGPA_NHD~U
?CancelMediaTypeOld@@YGPAXGPAM~U
?WindowExA@@YGMFE~U
?FreeObject@@YGNPAMPANKPAJ~U
?CancelText@@YGDPAHPAHPAD~U
?DecrementHeaderOld@@YGPAKF~U
?EnumFilePath@@YGKI~U
?OnSizeOriginal@@YGPAEKEE~U
?OnComponentOriginal@@YGGPAGPAJPAD~U
?GetSemaphoreOriginal@@YGFKKI~U
?EnumAnchorExW@@YGPAMMH~U
?GlobalDateW@@YGXK~U
?ValidateMediaTypeA@@YGIKPAK~U
?CrtScreenNew@@YGNPAEPAEGG~U
?ValidateFullNameEx@@YGPAXKJGPAJ~U
?IncrementPointerNew@@YGPAGGJ~U
?ShowPenNew@@YGHPAIE~U
?SendOptionExW@@YGXHI~U
?FormatMutexA@@YGEPAKNIPAK~U
?ObjectW@@YGPAHD~U
?KillAppNameNew@@YGNPAJ~U
?CloseVersionNew@@YGNH~U
?GenerateEventExW@@YGEFPAHPAI~U
?OnTimerNew@@YGKPAKIPAEE~U
?CrtListExW@@YGHK~U
?EnumAnchorA@@YGPAE_NNPAJ~U
?RtlArgumentExA@@YGGK_NPAFPAN~U
?RemoveFunctionW@@YGHM~U

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01ef7c29bd3004e31b1bd396a47d6fb7

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 336B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 696B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 336B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 696B