3983ac5d7172f77339c1f4ae3e0f6db6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3983ac5d7172f77339c1f4ae3e0f6db6_JaffaCakes118
Size

57KB
MD5

3983ac5d7172f77339c1f4ae3e0f6db6
SHA1

cc791f8f538050721e0eab196ece57b28b7f4fef
SHA256

f074c6300a31b5ff2e8bffbc5b10f0ffcaf7fca54bb5280870f2d04cf69c00e2
SHA512

1f898b0117754eb093afee31ab88e2a95d0d18ab41896c997a9dcdd483631c243b494a1fdbc568ae51c458d5ec9fc1f0e61e99d98434e5cdad9c600811ba0bf1
SSDEEP

1536:jsluUzORr51SIIKhXy+QZmUcViZZ/3ZhnjrRQCq:QW51S9yX4Z3r/phiC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3983ac5d7172f77339c1f4ae3e0f6db6_JaffaCakes118

Files

3983ac5d7172f77339c1f4ae3e0f6db6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

36394c1645f4a429ddc17b39190eb0d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\cllyXiU\eeyvfJKyIuph\mCokrvmkbXlz\zXwIsyqdtp\dlVhyllqPuc.pdb

Imports

ntoskrnl.exe

RtlSetAllBits
ZwCreateKey
IoCreateSymbolicLink
IoCreateSynchronizationEvent
IoReportResourceForDetection
IoDeviceObjectType
MmIsThisAnNtAsSystem
PoSetSystemState
KeInitializeEvent
KeReleaseMutex
RtlSetBits
IoGetDeviceInterfaces
RtlVerifyVersionInfo
MmFreeNonCachedMemory
IoInitializeTimer
ExGetPreviousMode
PsReturnPoolQuota
IoAllocateMdl
MmGetSystemRoutineAddress
ExAllocatePoolWithQuotaTag
KeResetEvent
KeReadStateSemaphore
IoGetBootDiskInformation
IoCancelIrp
KeInitializeTimer
SeQueryInformationToken
FsRtlIsNameInExpression
FsRtlMdlWriteCompleteDev
IoRaiseHardError
ExInitializeResourceLite
RtlFindUnicodePrefix
IoGetRequestorProcessId
RtlDeleteElementGenericTable
RtlExtendedIntegerMultiply
ExSetResourceOwnerPointer
ZwOpenProcess
MmMapLockedPagesSpecifyCache
FsRtlIsFatDbcsLegal
RtlFindLongestRunClear
IoAcquireRemoveLockEx
KeRundownQueue
RtlCreateRegistryKey
IoMakeAssociatedIrp
SeOpenObjectAuditAlarm
RtlCompareMemory
RtlQueryRegistryValues
MmAdvanceMdl
KeWaitForSingleObject
FsRtlIsTotalDeviceFailure
IoSetShareAccess
IoVolumeDeviceToDosName
ZwFreeVirtualMemory
PsGetCurrentProcessId
KeRestoreFloatingPointState
ZwDeleteKey
SeTokenIsRestricted
IoVerifyPartitionTable
ZwCreateFile
KeDeregisterBugCheckCallback
MmGetPhysicalAddress
ZwPowerInformation
RtlValidSecurityDescriptor
MmSizeOfMdl
MmAllocateNonCachedMemory
ProbeForRead
ExQueueWorkItem
RtlxAnsiStringToUnicodeSize
IoFreeErrorLogEntry
RtlClearAllBits
CcIsThereDirtyData
IoDeleteDevice
RtlFillMemoryUlong
ProbeForWrite
IoGetAttachedDeviceReference
CcZeroData
RtlRemoveUnicodePrefix
RtlDelete
RtlUpcaseUnicodeString
VerSetConditionMask
IoFreeController
ExDeleteResourceLite
RtlSecondsSince1970ToTime
ZwEnumerateKey
MmFlushImageSection
RtlOemToUnicodeN
RtlUpperString
ExLocalTimeToSystemTime
KeSynchronizeExecution
RtlAppendStringToString
KeSaveFloatingPointState
KeLeaveCriticalRegion
MmSecureVirtualMemory
IofCallDriver
RtlCopyString
FsRtlCheckLockForWriteAccess
RtlCopySid
ZwSetValueKey
ZwQueryVolumeInformationFile
KeInitializeQueue
IoDisconnectInterrupt
IoAcquireVpbSpinLock
KeInitializeDpc
FsRtlSplitLargeMcb
IoSetSystemPartition
RtlSubAuthoritySid
CcMdlReadComplete
ExUnregisterCallback
KeClearEvent
KeReadStateTimer
ZwCreateEvent
ZwSetSecurityObject
KefAcquireSpinLockAtDpcLevel
CcSetFileSizes
PoCallDriver
IoCreateStreamFileObjectLite
IoReuseIrp
SeCaptureSubjectContext
KeInsertQueueDpc
CcRepinBcb
MmLockPagableDataSection
KeInsertQueue
KeUnstackDetachProcess
PsGetProcessId
RtlFreeAnsiString
IoSetTopLevelIrp
RtlEqualUnicodeString
RtlxOemStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUnicodeStringToInteger
FsRtlFastUnlockSingle
IoDetachDevice
KdDisableDebugger
RtlCopyUnicodeString
ExSystemTimeToLocalTime
PoUnregisterSystemState
KeRemoveQueue
MmMapUserAddressesToPage
KeGetCurrentThread
IoCreateDevice
IoEnumerateDeviceObjectList
RtlUnicodeToMultiByteN
RtlFindClearRuns
FsRtlNotifyInitializeSync
IoSetPartitionInformationEx
CcSetReadAheadGranularity
SeLockSubjectContext
ObReleaseObjectSecurity
MmAllocateMappingAddress
CcMdlWriteAbort
KeInitializeDeviceQueue
ExAcquireResourceSharedLite
RtlAnsiCharToUnicodeChar
PsTerminateSystemThread
KeInitializeSemaphore
CcRemapBcb
IoAllocateAdapterChannel
IoUpdateShareAccess
ZwQueryInformationFile
ObReferenceObjectByPointer
IoReleaseVpbSpinLock
WmiQueryTraceInformation
ZwSetVolumeInformationFile
IoReleaseCancelSpinLock
KeInsertHeadQueue
MmUnmapIoSpace
IoQueueWorkItem
ObCreateObject
IoCheckQuotaBufferValidity
ExDeletePagedLookasideList
RtlTimeToSecondsSince1980
CcUnpinData
ExAllocatePoolWithTag
SeSinglePrivilegeCheck
HalExamineMBR
KeSetImportanceDpc
IoGetDeviceProperty
ZwUnloadDriver
ObMakeTemporaryObject
ExRaiseAccessViolation
IoAllocateIrp
CcCopyWrite
RtlDeleteNoSplay
MmCanFileBeTruncated
RtlInitializeBitMap
PsReferencePrimaryToken
MmUnmapLockedPages
IoInitializeRemoveLockEx
IoGetDriverObjectExtension
KePulseEvent
MmFreeMappingAddress
KeSetBasePriorityThread
IoStartPacket
KeRegisterBugCheckCallback
IoReadPartitionTableEx
RtlCheckRegistryKey
RtlRandom
FsRtlLookupLastLargeMcbEntry
ZwOpenKey
RtlInitString
SeValidSecurityDescriptor
CcUnpinDataForThread
SeAccessCheck
CcCopyRead
RtlAreBitsClear
ZwQueryKey
CcDeferWrite
RtlInt64ToUnicodeString
RtlValidSid
SeAssignSecurity
RtlFindSetBits
RtlCharToInteger
RtlUpperChar
IoCheckShareAccess
ObfDereferenceObject
ExReleaseResourceLite
SeTokenIsAdmin
KeSetPriorityThread
RtlFindLastBackwardRunClear
IoReleaseRemoveLockAndWaitEx
IoRemoveShareAccess
IoReportDetectedDevice
RtlFindClearBits
ExFreePool
IoVerifyVolume
RtlNumberOfClearBits
KeDetachProcess
ExAllocatePool
RtlNtStatusToDosError
RtlInitializeSid
ObOpenObjectByPointer
RtlTimeToSecondsSince1970
IoDeleteSymbolicLink
RtlUnicodeToOemN
IoReadDiskSignature
IoUnregisterFileSystem
RtlInitAnsiString
FsRtlFastCheckLockForRead
FsRtlGetNextFileLock
RtlHashUnicodeString
RtlGUIDFromString
RtlCreateSecurityDescriptor
KeSetTimer
SePrivilegeCheck
RtlDowncaseUnicodeString
RtlFindNextForwardRunClear
MmIsVerifierEnabled
ZwMapViewOfSection
MmMapLockedPages
RtlInsertUnicodePrefix
KeRemoveEntryDeviceQueue
MmQuerySystemSize
PsGetCurrentThread
IoIsOperationSynchronous
RtlOemStringToUnicodeString
RtlAreBitsSet
IoRequestDeviceEject
PsChargeProcessPoolQuota
RtlAddAccessAllowedAceEx
ExRegisterCallback
PsGetCurrentProcess
MmFreePagesFromMdl
RtlFindMostSignificantBit
MmSetAddressRangeModified

Exports

Exports

?ShowPointOriginal@@YGFPAMIHPAK]A
?CloseMemoryW@@YGXPAMI]A
?CopyKeyNameOriginal@@YGHG]A
?OnFileExA@@YGMFMPAK]A
?ValidateHeightEx@@YGJM_NPAJE]A
?FreeTimeEx@@YGPAXPAHDKPAF]A
?CopyComponentExA@@YGXMMG]A
?InsertAppNameOriginal@@YGPADNPAM]A
?SetSize@@YGPAFIPAE]A
?InstallMemoryOriginal@@YGID]A
?IncrementMutant@@YGGKH]A
?IsFunctionA@@YGMI_N]A
?SendWidth@@YGDMDPAGPAM]A
?SetHeightOriginal@@YGIPA_NPADH]A
?RtlPath@@YGXDIJ]A
?DeleteRectNew@@YGPAKPADNPAGE]A
?InstallFolderW@@YGDH]A
?HideExpressionOld@@YGFE]A
?SetRectOriginal@@YGENGI]A
?IsNotClassEx@@YGXPADD]A
?IsValidSemaphoreOriginal@@YGGPAKPADM]A
?ValidatePenEx@@YGDDF]A
?FindPenOriginal@@YGPAGKH]A
?FullName@@YGPAMHMMM]A
?LoadMutexOriginal@@YGXDNM]A
?DecrementPathOriginal@@YGHKPAJFH]A
?OnDialogExA@@YGPAIPAI]A
?IncrementValueA@@YGIIPA_NIG]A
?FreeFunctionA@@YGIJGPAJ]A
?OnHeaderW@@YGPA_NNPAE]A
?PutListEx@@YGIK]A
?IncrementMonitorOld@@YGHKFHH]A
?SetRectNew@@YGPAXF_NKI]A
?InvalidateHeaderA@@YGFPAJPA_NE]A
?CallTimerW@@YGPAMMPAHIN]A
?SendMessageExW@@YGID]A
?PutKeyboardNew@@YGXPAJPAEPAG]A

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 587B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36394c1645f4a429ddc17b39190eb0d0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 587B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 704B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 587B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 704B