377394546e715cd61758d16abe965938_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

377394546e715cd61758d16abe965938_JaffaCakes118
Size

447KB
MD5

377394546e715cd61758d16abe965938
SHA1

3f52e98843da6a4fd7928580e90866e39b3a0f82
SHA256

99e3d5c26067f6836127a40b8625b4b617a35832c04b0ab11305ec735ab860b0
SHA512

c3c971383579f846a03cb0c2e642d5b3815b0b7d91281e3e0d6bd55d682adca936b123d85c969fdb36cd90c40bcb62004ea1952670585002f3bb384bff3e7554
SSDEEP

6144:Wqal/wsBbOzCq6TCeM9ciR9PJxsF3uIjq1kiWkO/cVUjM3jDVTrHK3E488CWtUs:5Uv2qCeM9ciRJJSF3uIMvCkrZrquXK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
377394546e715cd61758d16abe965938_JaffaCakes118

Files

377394546e715cd61758d16abe965938_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3797d6b751e47e6db9c0255c1e176d6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

T:\UdyepllzIfke\dghitwvyjxyK\vZloLnkkBpJo.pdb

Imports

ntoskrnl.exe

MmSecureVirtualMemory
ExFreePool
KeRemoveDeviceQueue
SeValidSecurityDescriptor
RtlWriteRegistryValue
KeBugCheckEx
RtlAppendUnicodeToString
CcZeroData
SeCreateClientSecurity
IoFreeController
ExRaiseAccessViolation
RtlDeleteRegistryValue
RtlFindUnicodePrefix
MmLockPagableSectionByHandle
IoInvalidateDeviceState
KeSetEvent
RtlAddAccessAllowedAceEx
IoReportResourceForDetection
KeInitializeSpinLock
ExFreePoolWithTag
FsRtlIsNameInExpression
MmMapIoSpace
CcCopyWrite
ZwQueryVolumeInformationFile
CcPreparePinWrite
IoGetDriverObjectExtension
RtlAreBitsClear
RtlTimeToTimeFields
IoGetDeviceProperty
RtlUpcaseUnicodeToOemN
FsRtlSplitLargeMcb
FsRtlFastCheckLockForRead
MmCanFileBeTruncated
FsRtlCheckLockForReadAccess
RtlFindLongestRunClear
IoGetAttachedDeviceReference
KeInsertDeviceQueue
RtlEqualUnicodeString
KeSetTargetProcessorDpc
MmFreePagesFromMdl
IoGetDeviceInterfaces
IoReleaseCancelSpinLock
ZwQueryObject
IoWriteErrorLogEntry
IoDeleteDevice
ObQueryNameString
RtlFindClearBits
SeDeleteObjectAuditAlarm
IoCreateDevice
ZwDeleteValueKey
IoCancelIrp
RtlInitializeBitMap
PoCallDriver
RtlAreBitsSet
MmSizeOfMdl
RtlCompareMemory
RtlFindMostSignificantBit
CcFastCopyRead
SeDeassignSecurity
KeWaitForMultipleObjects
RtlCreateRegistryKey
RtlFindClearBitsAndSet
MmBuildMdlForNonPagedPool
ZwEnumerateKey
KeReadStateEvent
ZwOpenKey
RtlUnicodeToOemN
IoInitializeIrp
MmHighestUserAddress
RtlNtStatusToDosError
RtlUnicodeToMultiByteN
ZwOpenProcess
KeInitializeMutex
PsGetVersion
KeDeregisterBugCheckCallback
IoSetShareAccess
IoRequestDeviceEject
KeRemoveQueueDpc
ExDeleteNPagedLookasideList
ZwQueryKey
FsRtlGetNextFileLock
ObReferenceObjectByPointer
IoStartTimer
RtlUnicodeStringToInteger
KeQueryInterruptTime
RtlDeleteNoSplay
RtlUpcaseUnicodeChar
RtlInitializeGenericTable
ExGetExclusiveWaiterCount
ZwFreeVirtualMemory
ZwQueryInformationFile
IoDeleteSymbolicLink
IoRaiseHardError
SeTokenIsRestricted
RtlCopyUnicodeString
IoBuildSynchronousFsdRequest
RtlInsertUnicodePrefix
CcFastCopyWrite
RtlSubAuthoritySid
IoUpdateShareAccess
CcCopyRead
IoFreeMdl
KeStackAttachProcess
RtlFindLeastSignificantBit
ExInitializeResourceLite
RtlUpperChar
DbgBreakPointWithStatus
ExGetSharedWaiterCount
SeTokenIsAdmin
RtlInitAnsiString
ExUuidCreate
IoRegisterDeviceInterface
MmUnmapIoSpace
RtlUpcaseUnicodeString
ObReleaseObjectSecurity
MmResetDriverPaging
MmQuerySystemSize
RtlLengthRequiredSid
RtlMultiByteToUnicodeN
IoWMIRegistrationControl
KeClearEvent
MmMapLockedPagesSpecifyCache
RtlCopyLuid
RtlClearBits
RtlFindClearRuns
KeSetKernelStackSwapEnable
KeInitializeSemaphore
KeInsertHeadQueue
RtlClearAllBits
RtlGetVersion
ExGetPreviousMode
RtlTimeFieldsToTime
IoDeviceObjectType
ZwOpenSection
IoIsSystemThread
ExRegisterCallback
ZwOpenFile
ZwReadFile
RtlCopySid
PsDereferencePrimaryToken
KeSaveFloatingPointState
IoIsWdmVersionAvailable
PsCreateSystemThread
MmUnmapLockedPages
FsRtlIsTotalDeviceFailure
RtlMapGenericMask
IoFreeIrp
RtlAppendStringToString
PoSetSystemState
IoSetDeviceInterfaceState
RtlCreateSecurityDescriptor
RtlTimeToSecondsSince1980
ExDeleteResourceLite
KeQueryActiveProcessors
MmAllocateContiguousMemory
RtlInt64ToUnicodeString
ExSetTimerResolution
KeGetCurrentThread
IoRemoveShareAccess
SeAccessCheck
PsGetCurrentProcessId
FsRtlIsHpfsDbcsLegal
MmFreeContiguousMemory
RtlxUnicodeStringToAnsiSize
KeReadStateSemaphore
ZwQueryValueKey
RtlRandom
RtlCompareString
ZwEnumerateValueKey
IoStartNextPacket
KeInitializeEvent
RtlVerifyVersionInfo
IoAllocateController
RtlOemStringToUnicodeString
FsRtlIsFatDbcsLegal
KeRemoveByKeyDeviceQueue
FsRtlAllocateFileLock
ExRaiseDatatypeMisalignment
KeInsertQueueDpc
RtlDowncaseUnicodeString
IoAllocateMdl
PsTerminateSystemThread
IoGetDeviceInterfaceAlias
ExAcquireResourceSharedLite
MmAllocateNonCachedMemory
MmLockPagableDataSection
FsRtlLookupLastLargeMcbEntry
RtlCopyString
KeResetEvent
RtlCreateUnicodeString
IoOpenDeviceRegistryKey
ExLocalTimeToSystemTime
KeRegisterBugCheckCallback
RtlNumberOfClearBits
IoGetRelatedDeviceObject
ProbeForRead
IoAllocateErrorLogEntry
ExVerifySuite
KdDisableDebugger
ZwDeviceIoControlFile
IoReuseIrp
IoInitializeTimer
RtlHashUnicodeString
PsSetLoadImageNotifyRoutine
RtlFreeAnsiString
RtlCompareUnicodeString
ZwFlushKey
IoStartPacket
IoInvalidateDeviceRelations
IoCheckQuotaBufferValidity
IoGetStackLimits
IoConnectInterrupt
ZwDeleteKey
KeDelayExecutionThread
IoStopTimer
KeQueryTimeIncrement
IoGetAttachedDevice
PoStartNextPowerIrp
CcSetBcbOwnerPointer
ExIsProcessorFeaturePresent
PoRequestPowerIrp
IoAllocateWorkItem
KeUnstackDetachProcess
ZwCreateDirectoryObject
RtlPrefixUnicodeString
MmUnsecureVirtualMemory
CcDeferWrite
RtlGUIDFromString
IoCheckEaBufferValidity
RtlInitializeSid
RtlFindLastBackwardRunClear
RtlSetDaclSecurityDescriptor
KeReleaseMutex
KeRestoreFloatingPointState
SeSinglePrivilegeCheck
FsRtlDeregisterUncProvider
KeSetPriorityThread
RtlValidSid
IoFreeWorkItem
IoAcquireCancelSpinLock
PsLookupThreadByThreadId
MmSetAddressRangeModified
FsRtlMdlWriteCompleteDev
CcUnpinDataForThread
FsRtlCheckOplock
MmIsDriverVerifying
ZwCreateSection
ExSystemTimeToLocalTime
IoCreateStreamFileObjectLite
MmGetSystemRoutineAddress
KeRemoveEntryDeviceQueue
ExAllocatePoolWithQuotaTag
IoCreateSymbolicLink
SeImpersonateClientEx
MmUnlockPagableImageSection
PoUnregisterSystemState
KeSetTimerEx
FsRtlCheckLockForWriteAccess
RtlQueryRegistryValues
KeSetImportanceDpc
IoSetThreadHardErrorMode
PsGetCurrentProcess

Sections

.text
Size: 35KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 1024B - Virtual size: 583B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3797d6b751e47e6db9c0255c1e176d6a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 35KB - Virtual size: 39KB

.i_txt Size: 1KB - Virtual size: 1KB

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 1024B - Virtual size: 583B

.data Size: 25KB - Virtual size: 53KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 636B

.text
Size: 35KB - Virtual size: 39KB

.i_txt
Size: 1KB - Virtual size: 1KB

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 1024B - Virtual size: 583B

.data
Size: 25KB - Virtual size: 53KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 636B