4697d2c29f2cb7b2e58c765b23e3d3f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4697d2c29f2cb7b2e58c765b23e3d3f6_JaffaCakes118
Size

331KB
MD5

4697d2c29f2cb7b2e58c765b23e3d3f6
SHA1

d7950e25ca6b45997d2ba0d3adf48e65525f6d37
SHA256

ff24c189a297644915bf0ae637f98614bde0d07fec01ad98782393e02d565128
SHA512

3f194eb359e0e88950414a275b2972042b20e51a4ac7ee79fae26249dccac2ffeea6070a91daeae4569e08033ab4449806d378e847067285a26b2b841949d35e
SSDEEP

6144:p68M7Cqi/zznv4sGA8sxWae6u2Bya/rtU61I+AK3uK6HxjnLJtQodWihh18:TqWLus4ae6lyap1I+Ayu7HxjnLbQU8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4697d2c29f2cb7b2e58c765b23e3d3f6_JaffaCakes118

Files

4697d2c29f2cb7b2e58c765b23e3d3f6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

550fe5a32de1ad5b50757d465bf2c7d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\iqujmfasuPqXN\SKwidIFfGAEh\tklwCcezlgZSi\InEdmxs.pdb

Imports

ntoskrnl.exe

IoGetRequestorProcess
IoCheckShareAccess
KePulseEvent
MmProbeAndLockProcessPages
KeRemoveByKeyDeviceQueue
SeSinglePrivilegeCheck
IoStopTimer
ExFreePoolWithTag
RtlCopySid
KeDelayExecutionThread
IoInvalidateDeviceRelations
ExReleaseFastMutexUnsafe
IoUnregisterFileSystem
MmUnlockPagableImageSection
DbgBreakPointWithStatus
PsImpersonateClient
RtlInitAnsiString
FsRtlFastCheckLockForRead
KeSetPriorityThread
ZwOpenSection
MmAllocateMappingAddress
RtlAreBitsClear
MmGetSystemRoutineAddress
SeUnlockSubjectContext
PoUnregisterSystemState
RtlCharToInteger
ExUuidCreate
CcCanIWrite
IoFreeIrp
CcSetDirtyPinnedData
RtlSubAuthoritySid
RtlClearBits
RtlxUnicodeStringToAnsiSize
MmFreeContiguousMemory
RtlInitializeBitMap
RtlUpperString
ZwOpenKey
ExIsProcessorFeaturePresent
MmFreeNonCachedMemory
PsGetCurrentProcessId
FsRtlGetNextFileLock
RtlSecondsSince1970ToTime
ExGetSharedWaiterCount
SeAppendPrivileges
ExNotifyCallback
MmUnsecureVirtualMemory
RtlFindMostSignificantBit
IoGetLowerDeviceObject
RtlCompareMemory
ZwCreateKey
CcFastCopyWrite
FsRtlFreeFileLock
ZwMakeTemporaryObject
KeUnstackDetachProcess
IoAcquireVpbSpinLock
PsTerminateSystemThread
RtlRandom
SeQueryAuthenticationIdToken
KeDeregisterBugCheckCallback
RtlUpcaseUnicodeToOemN
RtlInitializeSid
IoCreateSynchronizationEvent
RtlEqualString
IoGetTopLevelIrp
KeInitializeEvent
WmiQueryTraceInformation
ZwEnumerateValueKey
CcDeferWrite
RtlSetDaclSecurityDescriptor
VerSetConditionMask
SeSetSecurityDescriptorInfo
IoIsSystemThread
MmSizeOfMdl
SeOpenObjectAuditAlarm
RtlDeleteElementGenericTable
KdDisableDebugger
ZwOpenProcess
KeRemoveQueueDpc
KeClearEvent
RtlTimeToSecondsSince1980
IoSetSystemPartition
IoCreateStreamFileObject
ZwNotifyChangeKey
ObGetObjectSecurity
IoGetDriverObjectExtension
IoGetAttachedDeviceReference
RtlInsertUnicodePrefix
PsGetCurrentThreadId
MmProbeAndLockPages
IoInvalidateDeviceState
FsRtlNotifyInitializeSync
SeLockSubjectContext
FsRtlIsTotalDeviceFailure
IoGetStackLimits
ExDeletePagedLookasideList
KeQueryTimeIncrement
CcUninitializeCacheMap
MmForceSectionClosed
MmLockPagableDataSection
IoGetDeviceProperty
IoCreateDevice
IoWMIRegistrationControl
RtlFindLongestRunClear
PoStartNextPowerIrp
IoGetDeviceToVerify
IoCheckEaBufferValidity
IofCompleteRequest
RtlQueryRegistryValues
CcGetFileObjectFromBcb
RtlUnicodeStringToOemString
PsDereferencePrimaryToken
PsGetCurrentThread
CcUnpinDataForThread
ExAllocatePool
KeSetBasePriorityThread
IoAllocateIrp
IoReleaseVpbSpinLock
RtlCheckRegistryKey
IoReportDetectedDevice
IoFreeMdl
RtlDeleteNoSplay
IoGetDeviceInterfaceAlias
MmAllocateContiguousMemory
RtlMapGenericMask
KeInitializeSemaphore
IoAllocateErrorLogEntry
FsRtlIsDbcsInExpression
MmUnmapLockedPages
MmAdvanceMdl
SeCreateClientSecurity
RtlSetBits
KeSaveFloatingPointState
IoReadDiskSignature
IoRemoveShareAccess
RtlTimeToSecondsSince1970
KeLeaveCriticalRegion
KeQueryInterruptTime
FsRtlIsHpfsDbcsLegal
KeSetSystemAffinityThread
RtlDeleteRegistryValue
IofCallDriver
IoReleaseCancelSpinLock
IoSetShareAccess
RtlInitializeUnicodePrefix
SeCaptureSubjectContext
CcPinMappedData
KeInitializeTimerEx
ZwFsControlFile
IoQueryFileInformation
CcMdlRead
CcUnpinRepinnedBcb
RtlTimeFieldsToTime
MmFreeMappingAddress
CcFlushCache
ExQueueWorkItem
RtlTimeToTimeFields
CcSetBcbOwnerPointer
RtlValidSecurityDescriptor
KeEnterCriticalRegion
ExAcquireResourceSharedLite
PsGetProcessId
IoAllocateController
MmSecureVirtualMemory
FsRtlCheckLockForWriteAccess
RtlFindClearBitsAndSet
RtlSplay
KeInitializeTimer
ObfReferenceObject
ExAllocatePoolWithQuota
ZwCreateSection
RtlFindUnicodePrefix
RtlHashUnicodeString
IoCancelIrp
CcPreparePinWrite
RtlAppendStringToString
KeBugCheckEx
RtlPrefixUnicodeString
RtlDelete
KeInsertByKeyDeviceQueue
ObCreateObject
RtlUpperChar
ExGetPreviousMode
ObReleaseObjectSecurity
IoMakeAssociatedIrp
IoRequestDeviceEject
IoAllocateAdapterChannel
PoRequestPowerIrp
RtlGetNextRange
KeRegisterBugCheckCallback
KeInitializeQueue
PsCreateSystemThread
IoCreateDisk
ExAcquireFastMutexUnsafe
ZwWriteFile
KeSetImportanceDpc
RtlFillMemoryUlong
CcInitializeCacheMap
MmMapUserAddressesToPage
RtlFindClearRuns
IoIsOperationSynchronous
ObMakeTemporaryObject
SeDeleteObjectAuditAlarm
RtlNtStatusToDosError
RtlInt64ToUnicodeString
MmMapLockedPages
RtlUnicodeToMultiByteN
RtlFindLastBackwardRunClear
ZwQueryKey
IoAcquireRemoveLockEx
ExRaiseStatus
RtlCopyUnicodeString
IoVerifyVolume
IoSetHardErrorOrVerifyDevice
KeDetachProcess
MmSetAddressRangeModified
RtlUpcaseUnicodeString
RtlMultiByteToUnicodeN
ZwDeviceIoControlFile
IoCreateSymbolicLink
MmAddVerifierThunks
IoDeleteSymbolicLink
IoQueueWorkItem
RtlInitializeGenericTable
ExSetResourceOwnerPointer
RtlCopyString
MmFlushImageSection
RtlEqualUnicodeString
DbgPrompt
PoSetSystemState
MmIsDriverVerifying
CcPurgeCacheSection
IoThreadToProcess
DbgBreakPoint
CcRepinBcb
RtlAreBitsSet
MmUnmapIoSpace
RtlValidSid
IoCreateFile
KeReadStateMutex
RtlAddAccessAllowedAce
MmIsVerifierEnabled
CcRemapBcb
SeValidSecurityDescriptor
IoSetDeviceToVerify
ProbeForRead
IoReportResourceForDetection
KeSetTargetProcessorDpc
ExDeleteResourceLite
RtlGetCallersAddress
RtlUnicodeStringToAnsiString
KeRemoveDeviceQueue
RtlOemStringToUnicodeString
CcCopyWrite
CcUnpinData
CcZeroData
RtlVerifyVersionInfo
FsRtlCheckOplock
KeSynchronizeExecution
KeRemoveQueue
ZwCreateDirectoryObject
ZwCreateFile
IoDetachDevice
IoCreateStreamFileObjectLite

Exports

Exports

?CancelProjectA@@YGHJPAD]A
?OnCommandLineOriginal@@YGXPAK]A

Sections

.text
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dbg
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

550fe5a32de1ad5b50757d465bf2c7d2

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 43KB

.dbg Size: 512B - Virtual size: 80B

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 728B

.text
Size: 29KB - Virtual size: 43KB

.dbg
Size: 512B - Virtual size: 80B

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 728B