4482475bc086ab47c9a51c0850c10b16_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4482475bc086ab47c9a51c0850c10b16_JaffaCakes118
Size

76KB
MD5

4482475bc086ab47c9a51c0850c10b16
SHA1

694eb94b48f4b2db67f89b62ae65c54086d2714f
SHA256

13ef409cf108e2660bad243b0f7e1e4b3c1bfe84f8b1775561479dc9d82df158
SHA512

0eeffdda5308f7ccedfe9099dc5557a36faa09f498e0661971c8b5680827b16a82044db8522d948c940c1adb81d7505e2a6dd1d8566107fc7448ca3df5345cb7
SSDEEP

1536:hsluUzORr51SIIKhXy+QZmUcViZZ/3ZhnjrRQCqBRsMDt11x:aW51S9yX4Z3r/phiCmzDt1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4482475bc086ab47c9a51c0850c10b16_JaffaCakes118

Files

4482475bc086ab47c9a51c0850c10b16_JaffaCakes118
.dll windows:5 windows x86 arch:x86

36394c1645f4a429ddc17b39190eb0d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\cllyXiU\eeyvfJKyIuph\mCokrvmkbXlz\zXwIsyqdtp\dlVhyllqPuc.pdb

Imports

ntoskrnl.exe

RtlSetAllBits
ZwCreateKey
IoCreateSymbolicLink
IoCreateSynchronizationEvent
IoReportResourceForDetection
IoDeviceObjectType
MmIsThisAnNtAsSystem
PoSetSystemState
KeInitializeEvent
KeReleaseMutex
RtlSetBits
IoGetDeviceInterfaces
RtlVerifyVersionInfo
MmFreeNonCachedMemory
IoInitializeTimer
ExGetPreviousMode
PsReturnPoolQuota
IoAllocateMdl
MmGetSystemRoutineAddress
ExAllocatePoolWithQuotaTag
KeResetEvent
KeReadStateSemaphore
IoGetBootDiskInformation
IoCancelIrp
KeInitializeTimer
SeQueryInformationToken
FsRtlIsNameInExpression
FsRtlMdlWriteCompleteDev
IoRaiseHardError
ExInitializeResourceLite
RtlFindUnicodePrefix
IoGetRequestorProcessId
RtlDeleteElementGenericTable
RtlExtendedIntegerMultiply
ExSetResourceOwnerPointer
ZwOpenProcess
MmMapLockedPagesSpecifyCache
FsRtlIsFatDbcsLegal
RtlFindLongestRunClear
IoAcquireRemoveLockEx
KeRundownQueue
RtlCreateRegistryKey
IoMakeAssociatedIrp
SeOpenObjectAuditAlarm
RtlCompareMemory
RtlQueryRegistryValues
MmAdvanceMdl
KeWaitForSingleObject
FsRtlIsTotalDeviceFailure
IoSetShareAccess
IoVolumeDeviceToDosName
ZwFreeVirtualMemory
PsGetCurrentProcessId
KeRestoreFloatingPointState
ZwDeleteKey
SeTokenIsRestricted
IoVerifyPartitionTable
ZwCreateFile
KeDeregisterBugCheckCallback
MmGetPhysicalAddress
ZwPowerInformation
RtlValidSecurityDescriptor
MmSizeOfMdl
MmAllocateNonCachedMemory
ProbeForRead
ExQueueWorkItem
RtlxAnsiStringToUnicodeSize
IoFreeErrorLogEntry
RtlClearAllBits
CcIsThereDirtyData
IoDeleteDevice
RtlFillMemoryUlong
ProbeForWrite
IoGetAttachedDeviceReference
CcZeroData
RtlRemoveUnicodePrefix
RtlDelete
RtlUpcaseUnicodeString
VerSetConditionMask
IoFreeController
ExDeleteResourceLite
RtlSecondsSince1970ToTime
ZwEnumerateKey
MmFlushImageSection
RtlOemToUnicodeN
RtlUpperString
ExLocalTimeToSystemTime
KeSynchronizeExecution
RtlAppendStringToString
KeSaveFloatingPointState
KeLeaveCriticalRegion
MmSecureVirtualMemory
IofCallDriver
RtlCopyString
FsRtlCheckLockForWriteAccess
RtlCopySid
ZwSetValueKey
ZwQueryVolumeInformationFile
KeInitializeQueue
IoDisconnectInterrupt
IoAcquireVpbSpinLock
KeInitializeDpc
FsRtlSplitLargeMcb
IoSetSystemPartition
RtlSubAuthoritySid
CcMdlReadComplete
ExUnregisterCallback
KeClearEvent
KeReadStateTimer
ZwCreateEvent
ZwSetSecurityObject
KefAcquireSpinLockAtDpcLevel
CcSetFileSizes
PoCallDriver
IoCreateStreamFileObjectLite
IoReuseIrp
SeCaptureSubjectContext
KeInsertQueueDpc
CcRepinBcb
MmLockPagableDataSection
KeInsertQueue
KeUnstackDetachProcess
PsGetProcessId
RtlFreeAnsiString
IoSetTopLevelIrp
RtlEqualUnicodeString
RtlxOemStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUnicodeStringToInteger
FsRtlFastUnlockSingle
IoDetachDevice
KdDisableDebugger
RtlCopyUnicodeString
ExSystemTimeToLocalTime
PoUnregisterSystemState
KeRemoveQueue
MmMapUserAddressesToPage
KeGetCurrentThread
IoCreateDevice
IoEnumerateDeviceObjectList
RtlUnicodeToMultiByteN
RtlFindClearRuns
FsRtlNotifyInitializeSync
IoSetPartitionInformationEx
CcSetReadAheadGranularity
SeLockSubjectContext
ObReleaseObjectSecurity
MmAllocateMappingAddress
CcMdlWriteAbort
KeInitializeDeviceQueue
ExAcquireResourceSharedLite
RtlAnsiCharToUnicodeChar
PsTerminateSystemThread
KeInitializeSemaphore
CcRemapBcb
IoAllocateAdapterChannel
IoUpdateShareAccess
ZwQueryInformationFile
ObReferenceObjectByPointer
IoReleaseVpbSpinLock
WmiQueryTraceInformation
ZwSetVolumeInformationFile
IoReleaseCancelSpinLock
KeInsertHeadQueue
MmUnmapIoSpace
IoQueueWorkItem
ObCreateObject
IoCheckQuotaBufferValidity
ExDeletePagedLookasideList
RtlTimeToSecondsSince1980
CcUnpinData
ExAllocatePoolWithTag
SeSinglePrivilegeCheck
HalExamineMBR
KeSetImportanceDpc
IoGetDeviceProperty
ZwUnloadDriver
ObMakeTemporaryObject
ExRaiseAccessViolation
IoAllocateIrp
CcCopyWrite
RtlDeleteNoSplay
MmCanFileBeTruncated
RtlInitializeBitMap
PsReferencePrimaryToken
MmUnmapLockedPages
IoInitializeRemoveLockEx
IoGetDriverObjectExtension
KePulseEvent
MmFreeMappingAddress
KeSetBasePriorityThread
IoStartPacket
KeRegisterBugCheckCallback
IoReadPartitionTableEx
RtlCheckRegistryKey
RtlRandom
FsRtlLookupLastLargeMcbEntry
ZwOpenKey
RtlInitString
SeValidSecurityDescriptor
CcUnpinDataForThread
SeAccessCheck
CcCopyRead
RtlAreBitsClear
ZwQueryKey
CcDeferWrite
RtlInt64ToUnicodeString
RtlValidSid
SeAssignSecurity
RtlFindSetBits
RtlCharToInteger
RtlUpperChar
IoCheckShareAccess
ObfDereferenceObject
ExReleaseResourceLite
SeTokenIsAdmin
KeSetPriorityThread
RtlFindLastBackwardRunClear
IoReleaseRemoveLockAndWaitEx
IoRemoveShareAccess
IoReportDetectedDevice
RtlFindClearBits
ExFreePool
IoVerifyVolume
RtlNumberOfClearBits
KeDetachProcess
ExAllocatePool
RtlNtStatusToDosError
RtlInitializeSid
ObOpenObjectByPointer
RtlTimeToSecondsSince1970
IoDeleteSymbolicLink
RtlUnicodeToOemN
IoReadDiskSignature
IoUnregisterFileSystem
RtlInitAnsiString
FsRtlFastCheckLockForRead
FsRtlGetNextFileLock
RtlHashUnicodeString
RtlGUIDFromString
RtlCreateSecurityDescriptor
KeSetTimer
SePrivilegeCheck
RtlDowncaseUnicodeString
RtlFindNextForwardRunClear
MmIsVerifierEnabled
ZwMapViewOfSection
MmMapLockedPages
RtlInsertUnicodePrefix
KeRemoveEntryDeviceQueue
MmQuerySystemSize
PsGetCurrentThread
IoIsOperationSynchronous
RtlOemStringToUnicodeString
RtlAreBitsSet
IoRequestDeviceEject
PsChargeProcessPoolQuota
RtlAddAccessAllowedAceEx
ExRegisterCallback
PsGetCurrentProcess
MmFreePagesFromMdl
RtlFindMostSignificantBit
MmSetAddressRangeModified

Exports

Exports

?ShowPointOriginal@@YGFPAMIHPAK]A
?CloseMemoryW@@YGXPAMI]A
?CopyKeyNameOriginal@@YGHG]A
?OnFileExA@@YGMFMPAK]A
?ValidateHeightEx@@YGJM_NPAJE]A
?FreeTimeEx@@YGPAXPAHDKPAF]A
?CopyComponentExA@@YGXMMG]A
?InsertAppNameOriginal@@YGPADNPAM]A
?SetSize@@YGPAFIPAE]A
?InstallMemoryOriginal@@YGID]A
?IncrementMutant@@YGGKH]A
?IsFunctionA@@YGMI_N]A
?SendWidth@@YGDMDPAGPAM]A
?SetHeightOriginal@@YGIPA_NPADH]A
?RtlPath@@YGXDIJ]A
?DeleteRectNew@@YGPAKPADNPAGE]A
?InstallFolderW@@YGDH]A
?HideExpressionOld@@YGFE]A
?SetRectOriginal@@YGENGI]A
?IsNotClassEx@@YGXPADD]A
?IsValidSemaphoreOriginal@@YGGPAKPADM]A
?ValidatePenEx@@YGDDF]A
?FindPenOriginal@@YGPAGKH]A
?FullName@@YGPAMHMMM]A
?LoadMutexOriginal@@YGXDNM]A
?DecrementPathOriginal@@YGHKPAJFH]A
?OnDialogExA@@YGPAIPAI]A
?IncrementValueA@@YGIIPA_NIG]A
?FreeFunctionA@@YGIJGPAJ]A
?OnHeaderW@@YGPA_NNPAE]A
?PutListEx@@YGIK]A
?IncrementMonitorOld@@YGHKFHH]A
?SetRectNew@@YGPAXF_NKI]A
?InvalidateHeaderA@@YGFPAJPA_NE]A
?CallTimerW@@YGPAMMPAHIN]A
?SendMessageExW@@YGID]A
?PutKeyboardNew@@YGXPAJPAEPAG]A

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 587B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36394c1645f4a429ddc17b39190eb0d0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 587B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 704B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 587B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 704B