39980d47c5d57f5624e68337940510e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39980d47c5d57f5624e68337940510e7_JaffaCakes118
Size

267KB
MD5

39980d47c5d57f5624e68337940510e7
SHA1

3bc7fa898197146410081f5830280d4844f79f46
SHA256

c2e5c4cbb4f73a995dbf045ca33f6dbc60bd94b13f9687bb417aa6f2aab49145
SHA512

3e90a5c161ebedf37afd9c14596c6da6993e7043d728a625e0b38b3b19a281a8ce68e40dc52d6f11ce8622e5025191187a6203eb595c84ea862cbf4fdb1befe7
SSDEEP

3072:VdoDZG6NC2JoBWlTTjwfdITIR3JttuN5bOiCvPgmuw2KqDojTY2oIqKafGSlCk/r:VynJoBQwVwette322cmfGSwk/Nj1uni

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39980d47c5d57f5624e68337940510e7_JaffaCakes118

Files

39980d47c5d57f5624e68337940510e7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

15c148e23593d68951208d7b1552ec33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\xorxlZzSoMpdQ\wmuxnPivkmXD\hwkSJpi.pdb

Imports

ntoskrnl.exe

RtlCreateSecurityDescriptor
PoRequestPowerIrp
KeRemoveQueue
MmSecureVirtualMemory
IoCheckEaBufferValidity
IoSetHardErrorOrVerifyDevice
RtlUpperChar
SeDeleteObjectAuditAlarm
IoIsWdmVersionAvailable
DbgBreakPointWithStatus
RtlFindLongestRunClear
RtlOemToUnicodeN
KeSetPriorityThread
RtlUnicodeToOemN
ZwDeleteKey
KePulseEvent
IoGetTopLevelIrp
RtlCompareString
PsIsThreadTerminating
VerSetConditionMask
RtlExtendedIntegerMultiply
IoDisconnectInterrupt
KeRemoveDeviceQueue
KeSetEvent
ZwNotifyChangeKey
RtlCreateUnicodeString
IoRequestDeviceEject
KeInsertHeadQueue
RtlPrefixUnicodeString
RtlVolumeDeviceToDosName
SeDeassignSecurity
FsRtlCheckLockForReadAccess
KeClearEvent
FsRtlNotifyInitializeSync
ZwCreateFile
RtlTimeToTimeFields
MmFlushImageSection
ZwQuerySymbolicLinkObject
CcDeferWrite
SeUnlockSubjectContext
RtlInitAnsiString
FsRtlFastCheckLockForRead
IoReleaseRemoveLockEx
RtlDelete
RtlCopyString
IoDeleteSymbolicLink
ZwClose
ExAllocatePoolWithTag
RtlAppendUnicodeToString
RtlSetAllBits
ExFreePoolWithTag
MmUnmapLockedPages
KeAttachProcess
IoVolumeDeviceToDosName
IoAllocateAdapterChannel
ExSetTimerResolution
CcPreparePinWrite
KeInitializeTimer
RtlVerifyVersionInfo
MmCanFileBeTruncated
CcMdlReadComplete
IoWMIWriteEvent
IoQueryDeviceDescription
KeSetKernelStackSwapEnable
MmSizeOfMdl
KeInitializeApc
SeOpenObjectAuditAlarm
IoGetDeviceProperty
PsGetCurrentThread
RtlxUnicodeStringToAnsiSize
CcGetFileObjectFromBcb
ZwCreateEvent
KeQueryActiveProcessors
CcSetBcbOwnerPointer
MmGetSystemRoutineAddress
RtlAnsiCharToUnicodeChar
ZwEnumerateValueKey
IoAllocateIrp
RtlDeleteRegistryValue
IoAllocateController
IoConnectInterrupt
CcSetReadAheadGranularity
IoCreateDisk
ZwQueryValueKey
ExVerifySuite
ExRaiseAccessViolation
RtlFillMemoryUlong
IoQueueWorkItem
ZwSetSecurityObject
RtlIsNameLegalDOS8Dot3
PoSetPowerState
CcFastMdlReadWait
MmFreePagesFromMdl
KeInsertQueue
FsRtlMdlWriteCompleteDev
KeDetachProcess
IoGetAttachedDeviceReference
IoGetRequestorProcess
RtlTimeToSecondsSince1970
MmAdvanceMdl
MmUnlockPages
CcCanIWrite
IoWriteErrorLogEntry
MmFreeContiguousMemory
RtlUnicodeStringToAnsiString
IoQueryFileInformation
ZwCreateDirectoryObject
KeInitializeDeviceQueue
ExGetSharedWaiterCount
FsRtlFastUnlockSingle
ZwPowerInformation
MmProbeAndLockProcessPages
RtlGetVersion
IoGetLowerDeviceObject
ZwFlushKey
SeSinglePrivilegeCheck
KeInsertDeviceQueue
KeSynchronizeExecution
IoGetDmaAdapter
IoGetDeviceInterfaces
KeQueryTimeIncrement
RtlEqualSid
IoAcquireCancelSpinLock
RtlUnicodeStringToOemString
KeSetTargetProcessorDpc
RtlCopyLuid
ZwDeleteValueKey
MmQuerySystemSize
IoCreateSynchronizationEvent
RtlInitString
ObInsertObject
RtlRandom
CcUninitializeCacheMap
IoUnregisterFileSystem
HalExamineMBR
MmMapLockedPages
RtlCopySid
ZwCreateKey
RtlInitializeSid
CcCopyWrite
KeInitializeQueue
MmFreeNonCachedMemory
RtlSetDaclSecurityDescriptor
MmForceSectionClosed
RtlDeleteElementGenericTable
ExLocalTimeToSystemTime
KeReadStateSemaphore
ExGetPreviousMode
MmLockPagableSectionByHandle
ObCreateObject
CcSetFileSizes
CcMdlWriteComplete
MmGetPhysicalAddress
ZwCreateSection
MmIsVerifierEnabled
ExAcquireResourceSharedLite
IoGetDiskDeviceObject
RtlLengthSid
KeInitializeSpinLock
RtlFindMostSignificantBit
IoGetBootDiskInformation
KeWaitForMultipleObjects
PsImpersonateClient
RtlCopyUnicodeString
KeInsertByKeyDeviceQueue
RtlTimeToSecondsSince1980
KeResetEvent
SeQueryAuthenticationIdToken
SeAppendPrivileges
IoBuildSynchronousFsdRequest
IoAllocateMdl
IoGetDriverObjectExtension
RtlValidSecurityDescriptor
ExRegisterCallback
RtlEnumerateGenericTable
IoSetDeviceInterfaceState
ObReferenceObjectByPointer
PsLookupThreadByThreadId
RtlDeleteNoSplay
RtlWriteRegistryValue
PsGetCurrentThreadId
IoGetStackLimits
MmAllocateNonCachedMemory
ZwMapViewOfSection
RtlFindNextForwardRunClear
KeSetBasePriorityThread
SeAssignSecurity
KeRundownQueue
IoInitializeIrp
KeSaveFloatingPointState
KeRevertToUserAffinityThread
WmiQueryTraceInformation
IoReportDetectedDevice
IoGetAttachedDevice
CcMdlWriteAbort
IoVerifyPartitionTable
RtlInsertUnicodePrefix
ZwMakeTemporaryObject
FsRtlNotifyUninitializeSync
RtlInitializeBitMap
PoSetSystemState
RtlLengthSecurityDescriptor
ZwEnumerateKey
IoAcquireVpbSpinLock
KeRemoveQueueDpc
FsRtlDeregisterUncProvider
IoCreateStreamFileObjectLite
KeLeaveCriticalRegion
RtlNumberOfClearBits
FsRtlCheckOplock
RtlFindClearBits
SeFilterToken
ObGetObjectSecurity
FsRtlGetNextFileLock
FsRtlIsHpfsDbcsLegal
RtlAreBitsClear
SeImpersonateClientEx
ExSystemTimeToLocalTime
IoDetachDevice
IoSetPartitionInformation
IoGetRequestorProcessId
CcMapData
FsRtlCheckLockForWriteAccess
KeRemoveEntryDeviceQueue
FsRtlAllocateFileLock
RtlRemoveUnicodePrefix
KeUnstackDetachProcess
SeValidSecurityDescriptor
ZwQueryObject
ExReinitializeResourceLite
KeQuerySystemTime
ZwSetVolumeInformationFile
ProbeForRead
RtlFreeUnicodeString
KeReadStateMutex
KeEnterCriticalRegion
IoDeleteDevice
PsRevertToSelf
RtlSplay
IoCheckShareAccess
IoWritePartitionTableEx
PoUnregisterSystemState
ExRaiseStatus
CcPurgeCacheSection
IoStartTimer
RtlCompareUnicodeString
IoCheckQuotaBufferValidity
SeReleaseSubjectContext
IoEnumerateDeviceObjectList
ZwFsControlFile
SePrivilegeCheck
RtlHashUnicodeString
DbgBreakPoint
IoFreeIrp
ZwSetValueKey
IoInitializeRemoveLockEx
RtlGetCallersAddress
IoSetStartIoAttributes

Exports

Exports

?FindDateNew@@YGPAXPAEI&U
?IncrementWidthW@@YGIPAIPAKHPA_N&U
?CrtAppNameOriginal@@YGEG&U
?LoadNameEx@@YGEGPAKID&U
?DeleteConfigEx@@YGPAIPAF&U
?InstallHeaderA@@YGXMPAHPAJ&U
?CrtExpressionNew@@YGPAEGPAMI&U
?ModifyMonitor@@YGXJ&U
?SetArgumentOld@@YGXPAJ_NPAGM&U
?InstallFullNameW@@YGPAIH&U
?GetExpressionOriginal@@YGMPA_NDIE&U
?InvalidateRect@@YGPAXPAI&U
?SendPointerOriginal@@YGXPAGGPAH&U
?AddArgumentOld@@YGGFE&U
?CallArgumentExA@@YGXPAH_NHI&U
?AddPathEx@@YGPAKPAJPAM&U
?SendMutexExA@@YGPA_NMIJG&U
?AddModuleA@@YGPAJPAKMK&U
?GenerateExpressionW@@YGJPADPAM&U
?AddFunction@@YGPAMPAMKPAJE&U
?FindPointEx@@YGNPAH&U
?CrtFilePathEx@@YGMN&U
?InvalidateValue@@YGE_NPAM&U
?IncrementHeaderW@@YGPAXPAIPAEM&U
?InstallExpressionOld@@YGKK&U
?SetPenOld@@YGGPAHJ&U
?ShowHeightExA@@YGPAXGJGD&U
?RtlDataExA@@YGPAGF_NDD&U
?CloseKeyNameA@@YGXGPAHI&U
?CrtMessageW@@YGPAIIPAEHM&U
?ValidateConfigEx@@YGPAEPAKPADMG&U
?GetMessage@@YGGPAJEE&U
?InvalidateSection@@YGPAH_NMPAEPAG&U

Sections

.text
Size: 29KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 481B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15c148e23593d68951208d7b1552ec33

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 53KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 481B

.data Size: 37KB - Virtual size: 36KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 652B

.text
Size: 29KB - Virtual size: 53KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 481B

.data
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 652B