446022ffa698dde3dcb382ab8b38132c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

446022ffa698dde3dcb382ab8b38132c_JaffaCakes118
Size

128KB
MD5

446022ffa698dde3dcb382ab8b38132c
SHA1

a0559df3df7eb2bcfd3a4963ef4243e14da464c6
SHA256

f5e340fbc324cc9b8cc89730c66a030e3c39ae0fae5ff08d739a5f097f88d22b
SHA512

d66b4b2dd51396b1002349d6c4d85341f554220a99034414b2d2919982db9468023c25fc994399c1d0702560b5b135e1303e5921bbe098c18014db852a6b8bf3
SSDEEP

1536:QgzZ3CIYmMpGHJL90R12G7LmC5WrrJCGyd9DgIaslOrjdenE9yJb1f+XcNzI:d1iGp8MCLmC5WHAGyd9Dg6lsCJtI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
446022ffa698dde3dcb382ab8b38132c_JaffaCakes118

Files

446022ffa698dde3dcb382ab8b38132c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f37ffbc4f4642c6c468085a0afdf1960

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

halacpi.pdb

Imports

ntoskrnl.exe

KeSetTimeIncrement
KdEnteredDebugger
DbgBreakPoint
KiCoprocessorError
KeBugCheckEx
KeProfileInterrupt
KeSaveStateForHibernate
KiDeliverApc
KiDispatchInterrupt
KeSetEventBoostPriority
KeWaitForSingleObject
KiUnexpectedInterrupt
DbgPrint
KeFindConfigurationNextEntry
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryValueKey
RtlInitUnicodeString
RtlIntegerToUnicodeString
ZwClose
RtlEqualUnicodeString
ZwOpenKey
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlUpperString
RtlInitAnsiString
sprintf
ZwCreateKey
ZwSetValueKey
IoAssignDriveLetters
IoReadPartitionTable
IoSetPartitionInformation
IoWritePartitionTable
strncpy
_stricmp
InbvAcquireDisplayOwnership
InbvCheckDisplayOwnership
KiBugCheckData
RtlMoveMemory
KeInitializeSpinLock
MmAllocateMappingAddress
MmUnmapReservedMapping
MmMapLockedPagesWithReservedMapping
MmMapLockedPagesSpecifyCache
MmGetPhysicalAddress
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
RtlFindClearBitsAndSet
KeRemoveDeviceQueue
RtlClearBits
ObfDereferenceObject
IoFreeMdl
IoAllocateMdl
_allshr
MmUnmapLockedPages
KeSetEvent
RtlSetBits
IoRegisterPlugPlayNotification
IofCallDriver
IoBuildSynchronousFsdRequest
Kei386EoiHelper
IoGetDeviceObjectPointer
IoGetDeviceInterfaces
ExQueueWorkItem
KeInsertDeviceQueue
KeInitializeDpc
KeInsertQueueDpc
KeQuerySystemTime
RtlQueryRegistryValues
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
KeEnterKernelDebugger
KdDebuggerEnabled
KdDebuggerNotPresent
InbvSetScrollRegion
InbvEnableDisplayString
InbvInstallDisplayStringFilter
InbvSetTextColor
InbvSolidColorFill
InbvResetDisplay
InbvIsBootDriverInstalled
ZwEnumerateValueKey
ZwQueryKey
KiAcquireSpinLock
KiReleaseSpinLock
IoAssignResources
IoAllocateAdapterChannel
ObCreateObject
MmUnlockPagableImageSection
MmLockPagableDataSection
MmMapIoSpace
RtlSetAllBits
RtlInitializeBitMap
KeInitializeDeviceQueue
ObInsertObject
ObReferenceObjectByPointer
IoAdapterObjectType
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
IofCompleteRequest
PoStartNextPowerIrp
ObfReferenceObject
IoReportDetectedDevice
IoCreateDriver
WRITE_REGISTER_UCHAR
PoSetHiberRange
KeSetTargetProcessorDpc
KeSetImportanceDpc
HalPrivateDispatchTable
IoReportHalResourceUsage
MmUnmapIoSpace
MmAllocateContiguousMemory
_except_handler3
RtlTimeFieldsToTime
ZwPowerInformation
ExRegisterCallback
ExCreateCallback
HalDispatchTable
InbvDisplayString
strstr
KeInitializeEvent
KeUpdateSystemTime

kdcom

KdRestore

Exports

Exports

ExAcquireFastMutex
ExReleaseFastMutex
ExTryToAcquireFastMutex
HalAcquireDisplayOwnership
HalAdjustResourceList
HalAllProcessorsStarted
HalAllocateAdapterChannel
HalAllocateCommonBuffer
HalAllocateCrashDumpRegisters
HalAssignSlotResources
HalBeginSystemInterrupt
HalCalibratePerformanceCounter
HalClearSoftwareInterrupt
HalDisableSystemInterrupt
HalDisplayString
HalEnableSystemInterrupt
HalEndSystemInterrupt
HalFlushCommonBuffer
HalFreeCommonBuffer
HalGetAdapter
HalGetBusData
HalGetBusDataByOffset
HalGetEnvironmentVariable
HalGetInterruptVector
HalHandleNMI
HalInitSystem
HalInitializeProcessor
HalMakeBeep
HalProcessorIdle
HalQueryDisplayParameters
HalQueryRealTimeClock
HalReadDmaCounter
HalReportResourceUsage
HalRequestIpi
HalRequestSoftwareInterrupt
HalReturnToFirmware
HalSetBusData
HalSetBusDataByOffset
HalSetDisplayParameters
HalSetEnvironmentVariable
HalSetProfileInterval
HalSetRealTimeClock
HalSetTimeIncrement
HalStartNextProcessor
HalStartProfileInterrupt
HalStopProfileInterrupt
HalSystemVectorDispatchEntry
HalTranslateBusAddress
IoAssignDriveLetters
IoFlushAdapterBuffers
IoFreeAdapterChannel
IoFreeMapRegisters
IoMapTransfer
IoReadPartitionTable
IoSetPartitionInformation
IoWritePartitionTable
KdComPortInUse
KeAcquireInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLockRaiseToSynch
KeAcquireQueuedSpinLock
KeAcquireQueuedSpinLockRaiseToSynch
KeAcquireSpinLock
KeAcquireSpinLockRaiseToSynch
KeFlushWriteBuffer
KeGetCurrentIrql
KeLowerIrql
KeQueryPerformanceCounter
KeRaiseIrql
KeRaiseIrqlToDpcLevel
KeRaiseIrqlToSynchLevel
KeReleaseInStackQueuedSpinLock
KeReleaseQueuedSpinLock
KeReleaseSpinLock
KeStallExecutionProcessor
KeTryToAcquireQueuedSpinLock
KeTryToAcquireQueuedSpinLockRaiseToSynch
KfAcquireSpinLock
KfLowerIrql
KfRaiseIrql
KfReleaseSpinLock
READ_PORT_BUFFER_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_USHORT
READ_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
WRITE_PORT_BUFFER_UCHAR
WRITE_PORT_BUFFER_ULONG
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_UCHAR
WRITE_PORT_ULONG
WRITE_PORT_USHORT

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INITCONS
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGELK
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGELK16
Size: 256B - Virtual size: 130B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEKD
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f37ffbc4f4642c6c468085a0afdf1960

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

kdcom

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 5KB - Virtual size: 5KB

INITCONS Size: 512B - Virtual size: 512B

PAGELK Size: 7KB - Virtual size: 7KB

PAGELK16 Size: 256B - Virtual size: 130B

PAGE Size: 11KB - Virtual size: 11KB

PAGEKD Size: 4KB - Virtual size: 4KB

.edata Size: 3KB - Virtual size: 2KB

INIT Size: 11KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 5KB - Virtual size: 5KB

INITCONS
Size: 512B - Virtual size: 512B

PAGELK
Size: 7KB - Virtual size: 7KB

PAGELK16
Size: 256B - Virtual size: 130B

PAGE
Size: 11KB - Virtual size: 11KB

PAGEKD
Size: 4KB - Virtual size: 4KB

.edata
Size: 3KB - Virtual size: 2KB

INIT
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 3KB