42d332de9c0cfb70314569b084d6e503_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42d332de9c0cfb70314569b084d6e503_JaffaCakes118
Size

331KB
MD5

42d332de9c0cfb70314569b084d6e503
SHA1

e481779e44367af42891a738040a2cf9afb9afe1
SHA256

b21c9a3bdf070b1609053e87db9baff47051563664111602d214646116090429
SHA512

5cf67ff202705299841415dd8eaaaa6f3ef5b908b1b5f9d6f54e24d96e022a54d84f10d752a0228dae1a5e0de3b250999eab9f4de9235e665547bde88d14086a
SSDEEP

6144:ERN9KwjhAIIEhDAep/gEubrw4pmDh9jNfQJR/1l+7UuWNKH/jzIRkQ0dWihh1Bm:EbE57EXpYrVpmt9jy1l+7xWsH/jzI2QJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42d332de9c0cfb70314569b084d6e503_JaffaCakes118

Files

42d332de9c0cfb70314569b084d6e503_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b6d22247393ccb9ec1c2f443e2f7aede

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\dhvhukVY\gzTyKphZgvv\ewqwnatnfH\bkVxvFmkr\qwhkhhO.pdb

Imports

ntoskrnl.exe

IoAllocateMdl
FsRtlNotifyUninitializeSync
RtlSetDaclSecurityDescriptor
IoCreateStreamFileObjectLite
ZwOpenFile
KeSetEvent
RtlAppendStringToString
RtlFreeOemString
KeRundownQueue
ZwDeviceIoControlFile
RtlFindLongestRunClear
RtlAddAccessAllowedAceEx
IoCheckQuotaBufferValidity
IoMakeAssociatedIrp
KeRemoveQueueDpc
ZwCreateSection
IoAllocateWorkItem
MmFlushImageSection
RtlxOemStringToUnicodeSize
KeReleaseMutex
ExAllocatePool
ExAllocatePoolWithQuotaTag
RtlSetAllBits
RtlFindLastBackwardRunClear
CcUnpinData
RtlDowncaseUnicodeString
ExInitializeResourceLite
IoGetBootDiskInformation
IoGetCurrentProcess
KeInsertQueueDpc
CcUnpinDataForThread
RtlCompareUnicodeString
CcMdlRead
MmBuildMdlForNonPagedPool
IoDeleteController
KeReadStateSemaphore
PsGetCurrentProcessId
KeInsertByKeyDeviceQueue
MmQuerySystemSize
SeReleaseSubjectContext
IoSetDeviceToVerify
IoReportDetectedDevice
SeImpersonateClientEx
PsGetThreadProcessId
IoInitializeIrp
RtlSecondsSince1970ToTime
ExRaiseStatus
MmFreeContiguousMemory
ExRaiseDatatypeMisalignment
IoReadPartitionTable
ExGetExclusiveWaiterCount
RtlCreateAcl
PsReturnPoolQuota
KeInitializeDeviceQueue
IoGetDeviceInterfaceAlias
IoWMIRegistrationControl
ExRegisterCallback
IoReportResourceForDetection
SeCreateClientSecurity
PsReferencePrimaryToken
IoStartNextPacket
IoGetDriverObjectExtension
RtlFindMostSignificantBit
RtlUpcaseUnicodeToOemN
ZwPowerInformation
KeInitializeTimer
ZwMakeTemporaryObject
IoSetHardErrorOrVerifyDevice
KeRestoreFloatingPointState
IoGetAttachedDevice
SeAccessCheck
IoDeviceObjectType
RtlInitString
RtlUnicodeStringToInteger
ZwDeleteKey
PoCallDriver
IoFreeErrorLogEntry
MmMapLockedPagesSpecifyCache
IoSetSystemPartition
IoThreadToProcess
KeSetTargetProcessorDpc
IoIsSystemThread
KeInitializeSpinLock
KeInitializeApc
KdEnableDebugger
RtlPrefixUnicodeString
RtlCreateUnicodeString
MmAllocateMappingAddress
KdDisableDebugger
FsRtlIsDbcsInExpression
SeSinglePrivilegeCheck
IoCreateNotificationEvent
FsRtlIsFatDbcsLegal
MmLockPagableDataSection
ExSystemTimeToLocalTime
CcMdlReadComplete
SeFreePrivileges
RtlVolumeDeviceToDosName
IoCreateSynchronizationEvent
IoSetThreadHardErrorMode
IoAllocateController
ZwSetSecurityObject
ExReleaseResourceLite
PoUnregisterSystemState
RtlGUIDFromString
ZwQueryInformationFile
MmProbeAndLockProcessPages
RtlInt64ToUnicodeString
MmUnlockPagableImageSection
KeInitializeEvent
RtlOemToUnicodeN
IoGetRequestorProcessId
ZwWriteFile
ExLocalTimeToSystemTime
IoUpdateShareAccess
RtlUpperChar
KePulseEvent
PoRegisterSystemState
MmIsThisAnNtAsSystem
MmUnsecureVirtualMemory
ExSetTimerResolution
CcSetBcbOwnerPointer
IoRaiseHardError
IoSetShareAccess
PsGetProcessExitTime
RtlUnicodeStringToAnsiString
CcPurgeCacheSection
PsCreateSystemThread
RtlEnumerateGenericTable
RtlInitAnsiString
KeDetachProcess
ZwQueryKey
CcRemapBcb
MmMapUserAddressesToPage
RtlLengthRequiredSid
IoGetDeviceObjectPointer
PsLookupThreadByThreadId
CcUnpinRepinnedBcb
IoGetDeviceAttachmentBaseRef
MmAllocatePagesForMdl
RtlLengthSid
CcSetReadAheadGranularity
KeReadStateMutex
CcZeroData
KeLeaveCriticalRegion
KefAcquireSpinLockAtDpcLevel
IoAllocateIrp
IoRemoveShareAccess
SeValidSecurityDescriptor
RtlSubAuthoritySid
RtlMultiByteToUnicodeN
RtlRemoveUnicodePrefix
ExSetResourceOwnerPointer
CcSetFileSizes
ExIsProcessorFeaturePresent
MmHighestUserAddress
RtlSplay
KeQueryTimeIncrement
RtlClearBits
IoStartTimer
DbgBreakPointWithStatus
ZwClose
ZwFreeVirtualMemory
SeCaptureSubjectContext
FsRtlLookupLastLargeMcbEntry
MmFreePagesFromMdl
FsRtlMdlWriteCompleteDev
PsChargeProcessPoolQuota
CcCanIWrite
IoSetDeviceInterfaceState
CcMapData
KeQuerySystemTime
IoUnregisterFileSystem
ExReinitializeResourceLite
CcSetDirtyPinnedData
RtlxUnicodeStringToAnsiSize
IoInitializeTimer
IoGetDeviceProperty
RtlFreeUnicodeString
IoVolumeDeviceToDosName
RtlSetBits
RtlFindClearBits
ZwLoadDriver
IoStartPacket
KeResetEvent
SePrivilegeCheck
KeInitializeSemaphore
ExFreePoolWithTag
FsRtlIsHpfsDbcsLegal
IoStopTimer
RtlEqualSid
IoReadPartitionTableEx
ZwCreateDirectoryObject
PsGetProcessId
ZwCreateEvent
MmMapLockedPages
RtlFindClearRuns
CcFlushCache
KeInsertQueue
IoReleaseRemoveLockAndWaitEx
RtlTimeToTimeFields
IoInvalidateDeviceState
MmAddVerifierThunks
IoInitializeRemoveLockEx
IoAllocateErrorLogEntry
RtlCharToInteger
ExGetSharedWaiterCount
ExReleaseFastMutexUnsafe
MmPageEntireDriver
IoWriteErrorLogEntry
IoVerifyPartitionTable
CcInitializeCacheMap
SeLockSubjectContext
KeQueryInterruptTime
ObOpenObjectByPointer
ExVerifySuite
ExDeleteNPagedLookasideList
IoGetTopLevelIrp
MmUnmapReservedMapping
IoReleaseCancelSpinLock
SeAppendPrivileges
MmSecureVirtualMemory
RtlFillMemoryUlong
ZwMapViewOfSection
IoCreateSymbolicLink
IoWritePartitionTableEx
KeReadStateTimer
RtlInitializeSid
KeSetBasePriorityThread
IofCompleteRequest
RtlxAnsiStringToUnicodeSize
IoSetTopLevelIrp
RtlCompareMemory
IoFreeMdl
MmGetPhysicalAddress
ZwOpenSymbolicLinkObject
MmIsAddressValid
IoQueryFileDosDeviceName
MmCanFileBeTruncated
ObReferenceObjectByPointer
MmAllocateContiguousMemory
IoWMIWriteEvent
RtlCopyUnicodeString
SeQueryAuthenticationIdToken
KeRemoveQueue
ObInsertObject
SeUnlockSubjectContext
MmGetSystemRoutineAddress
IoGetRequestorProcess
RtlGetVersion
IoCreateDisk
RtlValidSecurityDescriptor
RtlInitializeBitMap
CcRepinBcb

Exports

Exports

?PutOptionA@@IJJPAMK@X
?GetKeyNameExW@@IJNPAKPAJF_N@X
?FreeDataOriginal@@IJPAGFIJ@X
?DecrementCommandLineExW@@IJHIGPAD@X

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vars1
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars2
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars3
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vptr1
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr2
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr3
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6d22247393ccb9ec1c2f443e2f7aede

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.vars1 Size: 512B - Virtual size: 32B

.vars2 Size: 512B - Virtual size: 32B

.vars3 Size: 512B - Virtual size: 32B

.vars4 Size: 512B - Virtual size: 32B

.vptr1 Size: 512B - Virtual size: 32B

.vptr2 Size: 512B - Virtual size: 32B

.vptr3 Size: 512B - Virtual size: 32B

.vptr4 Size: 512B - Virtual size: 32B

.data Size: 20KB - Virtual size: 48KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 1024B - Virtual size: 564B

.text
Size: 15KB - Virtual size: 15KB

.vars1
Size: 512B - Virtual size: 32B

.vars2
Size: 512B - Virtual size: 32B

.vars3
Size: 512B - Virtual size: 32B

.vars4
Size: 512B - Virtual size: 32B

.vptr1
Size: 512B - Virtual size: 32B

.vptr2
Size: 512B - Virtual size: 32B

.vptr3
Size: 512B - Virtual size: 32B

.vptr4
Size: 512B - Virtual size: 32B

.data
Size: 20KB - Virtual size: 48KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 1024B - Virtual size: 564B