ntdll.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
484f46d5dde0413ae36c0cc506347f04_JaffaCakes118.dll
Resource
win7-20240708-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
484f46d5dde0413ae36c0cc506347f04_JaffaCakes118.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
484f46d5dde0413ae36c0cc506347f04_JaffaCakes118
-
Size
702KB
-
MD5
484f46d5dde0413ae36c0cc506347f04
-
SHA1
9a50a3b78ab66a72d6cb631bfc86b88307a39f76
-
SHA256
0ef3012115a06b4179e817f389fc283d3db546e11fe77f21c8d1eb50103b034f
-
SHA512
24cc62d5bf7e39b5565fd8f9a0c983fc85f66ed6920856821477b3661d4a781bc7576a875113a3d30808e5dda2fee9e14af75033ddf842e04ccfe0906fd06964
-
SSDEEP
12288:tMHQhCzvQdJkdCFgFxOKRBIs5NY1NO3lyfnHbfwlXqMmlk3Q108CIeM3:tcQhCzvxVMn8x7mi3X8TeM3
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 484f46d5dde0413ae36c0cc506347f04_JaffaCakes118
Files
-
484f46d5dde0413ae36c0cc506347f04_JaffaCakes118.dll windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Exports
Exports
CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
CsrCaptureMessageBuffer
CsrCaptureMessageMultiUnicodeStringsInPlace
CsrCaptureMessageString
CsrCaptureTimeout
CsrClientCallServer
CsrClientConnectToServer
CsrFreeCaptureBuffer
CsrGetProcessId
CsrIdentifyAlertableThread
CsrNewThread
CsrProbeForRead
CsrProbeForWrite
CsrSetPriorityClass
DbgBreakPoint
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgUiConnectToDbg
DbgUiContinue
DbgUiConvertStateChangeStructure
DbgUiDebugActiveProcess
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
DbgUiRemoteBreakin
DbgUiSetThreadDebugObject
DbgUiStopDebugging
DbgUiWaitStateChange
DbgUserBreakPoint
KiFastSystemCall
KiFastSystemCallRet
KiIntSystemCall
KiRaiseUserExceptionDispatcher
KiUserApcDispatcher
KiUserCallbackDispatcher
KiUserExceptionDispatcher
LdrAccessOutOfProcessResource
LdrAccessResource
LdrAddRefDll
LdrAlternateResourcesEnabled
LdrCreateOutOfProcessImage
LdrDestroyOutOfProcessImage
LdrDisableThreadCalloutsForDll
LdrEnumResources
LdrEnumerateLoadedModules
LdrFindCreateProcessManifest
LdrFindEntryForAddress
LdrFindResourceDirectory_U
LdrFindResourceEx_U
LdrFindResource_U
LdrFlushAlternateResourceModules
LdrGetDllHandle
LdrGetDllHandleEx
LdrGetProcedureAddress
LdrHotPatchRoutine
LdrInitShimEngineDynamic
LdrInitializeThunk
LdrLoadAlternateResourceModule
LdrLoadDll
LdrLockLoaderLock
LdrProcessRelocationBlock
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrSetAppCompatDllRedirectionCallback
LdrSetDllManifestProber
LdrShutdownProcess
LdrShutdownThread
LdrUnloadAlternateResourceModule
LdrUnloadDll
LdrUnlockLoaderLock
LdrVerifyImageMatchesChecksum
NlsAnsiCodePage
NlsMbCodePageTag
NlsMbOemCodePageTag
NtAcceptConnectPort
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByType
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultList
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAddAtom
NtAddBootEntry
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtAlertResumeThread
NtAlertThread
NtAllocateLocallyUniqueId
NtAllocateUserPhysicalPages
NtAllocateUuids
NtAllocateVirtualMemory
NtAreMappedFilesTheSame
NtAssignProcessToJobObject
NtCallbackReturn
NtCancelDeviceWakeupRequest
NtCancelIoFile
NtCancelTimer
NtClearEvent
NtClose
NtCloseObjectAuditAlarm
NtCompactKeys
NtCompareTokens
NtCompleteConnectPort
NtCompressKey
NtConnectPort
NtContinue
NtCreateDebugObject
NtCreateDirectoryObject
NtCreateEvent
NtCreateEventPair
NtCreateFile
NtCreateIoCompletion
NtCreateJobObject
NtCreateJobSet
NtCreateKey
NtCreateKeyedEvent
NtCreateMailslotFile
NtCreateMutant
NtCreateNamedPipeFile
NtCreatePagingFile
NtCreatePort
NtCreateProcess
NtCreateProcessEx
NtCreateProfile
NtCreateSection
NtCreateSemaphore
NtCreateSymbolicLinkObject
NtCreateThread
NtCreateTimer
NtCreateToken
NtCreateWaitablePort
NtCurrentTeb
NtDebugActiveProcess
NtDebugContinue
NtDelayExecution
NtDeleteAtom
NtDeleteBootEntry
NtDeleteFile
NtDeleteKey
NtDeleteObjectAuditAlarm
NtDeleteValueKey
NtDeviceIoControlFile
NtDisplayString
NtDuplicateObject
NtDuplicateToken
NtEnumerateBootEntries
NtEnumerateKey
NtEnumerateSystemEnvironmentValuesEx
NtEnumerateValueKey
NtExtendSection
NtFilterToken
NtFindAtom
NtFlushBuffersFile
NtFlushInstructionCache
NtFlushKey
NtFlushVirtualMemory
NtFlushWriteBuffer
NtFreeUserPhysicalPages
NtFreeVirtualMemory
NtFsControlFile
NtGetContextThread
NtGetDevicePowerState
NtGetPlugPlayEvent
NtGetWriteWatch
NtImpersonateAnonymousToken
NtImpersonateClientOfPort
NtImpersonateThread
NtInitializeRegistry
NtInitiatePowerAction
NtIsProcessInJob
NtIsSystemResumeAutomatic
NtListenPort
NtLoadDriver
NtLoadKey
NtLoadKey2
NtLockFile
NtLockProductActivationKeys
NtLockRegistryKey
NtLockVirtualMemory
NtMakePermanentObject
NtMakeTemporaryObject
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtMapViewOfSection
NtModifyBootEntry
NtNotifyChangeDirectoryFile
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtOpenDirectoryObject
NtOpenEvent
NtOpenEventPair
NtOpenFile
NtOpenIoCompletion
NtOpenJobObject
NtOpenKey
NtOpenKeyedEvent
NtOpenMutant
NtOpenObjectAuditAlarm
NtOpenProcess
NtOpenProcessToken
NtOpenProcessTokenEx
NtOpenSection
NtOpenSemaphore
NtOpenSymbolicLinkObject
NtOpenThread
NtOpenThreadToken
NtOpenThreadTokenEx
NtOpenTimer
NtPlugPlayControl
NtPowerInformation
NtPrivilegeCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
NtProtectVirtualMemory
NtPulseEvent
NtQueryAttributesFile
NtQueryBootEntryOrder
NtQueryBootOptions
NtQueryDebugFilterState
NtQueryDefaultLocale
NtQueryDefaultUILanguage
NtQueryDirectoryFile
NtQueryDirectoryObject
NtQueryEaFile
NtQueryEvent
NtQueryFullAttributesFile
NtQueryInformationAtom
NtQueryInformationFile
NtQueryInformationJobObject
NtQueryInformationPort
NtQueryInformationProcess
NtQueryInformationThread
NtQueryInformationToken
NtQueryInstallUILanguage
NtQueryIntervalProfile
NtQueryIoCompletion
NtQueryKey
NtQueryMultipleValueKey
NtQueryMutant
NtQueryObject
NtQueryOpenSubKeys
NtQueryPerformanceCounter
NtQueryPortInformationProcess
NtQueryQuotaInformationFile
NtQuerySection
NtQuerySecurityObject
NtQuerySemaphore
NtQuerySymbolicLinkObject
NtQuerySystemEnvironmentValue
NtQuerySystemEnvironmentValueEx
NtQuerySystemInformation
NtQuerySystemTime
NtQueryTimer
NtQueryTimerResolution
NtQueryValueKey
NtQueryVirtualMemory
NtQueryVolumeInformationFile
NtQueueApcThread
NtRaiseException
NtRaiseHardError
NtReadFile
NtReadFileScatter
NtReadRequestData
NtReadVirtualMemory
NtRegisterThreadTerminatePort
NtReleaseKeyedEvent
NtReleaseMutant
NtReleaseSemaphore
NtRemoveIoCompletion
NtRemoveProcessDebug
NtRenameKey
NtReplaceKey
NtReplyPort
NtReplyWaitReceivePort
NtReplyWaitReceivePortEx
NtReplyWaitReplyPort
NtRequestDeviceWakeup
NtRequestPort
NtRequestWaitReplyPort
NtRequestWakeupLatency
NtResetEvent
NtResetWriteWatch
NtRestoreKey
NtResumeProcess
NtResumeThread
NtSaveKey
NtSaveKeyEx
NtSaveMergedKeys
NtSecureConnectPort
NtSetBootEntryOrder
NtSetBootOptions
NtSetContextThread
NtSetDebugFilterState
NtSetDefaultHardErrorPort
NtSetDefaultLocale
NtSetDefaultUILanguage
NtSetEaFile
NtSetEvent
NtSetEventBoostPriority
NtSetHighEventPair
NtSetHighWaitLowEventPair
NtSetInformationDebugObject
NtSetInformationFile
NtSetInformationJobObject
NtSetInformationKey
NtSetInformationObject
NtSetInformationProcess
NtSetInformationThread
NtSetInformationToken
NtSetIntervalProfile
NtSetIoCompletion
NtSetLdtEntries
NtSetLowEventPair
NtSetLowWaitHighEventPair
NtSetQuotaInformationFile
NtSetSecurityObject
NtSetSystemEnvironmentValue
NtSetSystemEnvironmentValueEx
NtSetSystemInformation
NtSetSystemPowerState
NtSetSystemTime
NtSetThreadExecutionState
NtSetTimer
NtSetTimerResolution
NtSetUuidSeed
NtSetValueKey
NtSetVolumeInformationFile
NtShutdownSystem
NtSignalAndWaitForSingleObject
NtStartProfile
NtStopProfile
NtSuspendProcess
NtSuspendThread
NtSystemDebugControl
NtTerminateJobObject
NtTerminateProcess
NtTerminateThread
NtTestAlert
NtTraceEvent
NtTranslateFilePath
NtUnloadDriver
NtUnloadKey
NtUnloadKeyEx
NtUnlockFile
NtUnlockVirtualMemory
NtUnmapViewOfSection
NtVdmControl
NtWaitForDebugEvent
NtWaitForKeyedEvent
NtWaitForMultipleObjects
NtWaitForSingleObject
NtWaitHighEventPair
NtWaitLowEventPair
NtWriteFile
NtWriteFileGather
NtWriteRequestData
NtWriteVirtualMemory
NtYieldExecution
PfxFindPrefix
PfxInitialize
PfxInsertPrefix
PfxRemovePrefix
PropertyLengthAsVariant
RtlAbortRXact
RtlAbsoluteToSelfRelativeSD
RtlAcquirePebLock
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlActivateActivationContext
RtlActivateActivationContextEx
RtlActivateActivationContextUnsafeFast
RtlAddAccessAllowedAce
RtlAddAccessAllowedAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedAce
RtlAddAccessDeniedAceEx
RtlAddAccessDeniedObjectAce
RtlAddAce
RtlAddActionToRXact
RtlAddAtomToAtomTable
RtlAddAttributeActionToRXact
RtlAddAuditAccessAce
RtlAddAuditAccessAceEx
RtlAddAuditAccessObjectAce
RtlAddCompoundAce
RtlAddRange
RtlAddRefActivationContext
RtlAddRefMemoryStream
RtlAddVectoredExceptionHandler
RtlAddressInSectionTable
RtlAdjustPrivilege
RtlAllocateAndInitializeSid
RtlAllocateHandle
RtlAllocateHeap
RtlAnsiCharToUnicodeChar
RtlAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlAppendAsciizToString
RtlAppendPathElement
RtlAppendStringToString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlApplicationVerifierStop
RtlApplyRXact
RtlApplyRXactNoFlush
RtlAreAllAccessesGranted
RtlAreAnyAccessesGranted
RtlAreBitsClear
RtlAreBitsSet
RtlAssert
RtlAssert2
RtlCancelTimer
RtlCaptureContext
RtlCaptureStackBackTrace
RtlCaptureStackContext
RtlCharToInteger
RtlCheckForOrphanedCriticalSections
RtlCheckProcessParameters
RtlCheckRegistryKey
RtlClearAllBits
RtlClearBits
RtlCloneMemoryStream
RtlCommitMemoryStream
RtlCompactHeap
RtlCompareMemory
RtlCompareMemoryUlong
RtlCompareString
RtlCompareUnicodeString
RtlCompressBuffer
RtlComputeCrc32
RtlComputeImportTableHash
RtlComputePrivatizedDllName_U
RtlConsoleMultiByteToUnicodeN
RtlConvertExclusiveToShared
RtlConvertLongToLargeInteger
RtlConvertPropertyToVariant
RtlConvertSharedToExclusive
RtlConvertSidToUnicodeString
RtlConvertToAutoInheritSecurityObject
RtlConvertUiListToApiList
RtlConvertUlongToLargeInteger
RtlConvertVariantToProperty
RtlCopyLuid
RtlCopyLuidAndAttributesArray
RtlCopyMemoryStreamTo
RtlCopyOutOfProcessMemoryStreamTo
RtlCopyRangeList
RtlCopySecurityDescriptor
RtlCopySid
RtlCopySidAndAttributesArray
RtlCopyString
RtlCopyUnicodeString
RtlCreateAcl
RtlCreateActivationContext
RtlCreateAndSetSD
RtlCreateAtomTable
RtlCreateBootStatusDataFile
RtlCreateEnvironment
RtlCreateHeap
RtlCreateProcessParameters
RtlCreateQueryDebugBuffer
RtlCreateRegistryKey
RtlCreateSecurityDescriptor
RtlCreateServiceSid
RtlCreateSystemVolumeInformationFolder
RtlCreateTagHeap
RtlCreateTimer
RtlCreateTimerQueue
RtlCreateUnicodeString
RtlCreateUnicodeStringFromAsciiz
RtlCreateUserProcess
RtlCreateUserSecurityObject
RtlCreateUserThread
RtlCustomCPToUnicodeN
RtlCutoverTimeToSystemTime
RtlDeNormalizeProcessParams
RtlDeactivateActivationContext
RtlDeactivateActivationContextUnsafeFast
RtlDebugPrintTimes
RtlDecodePointer
RtlDecodeSystemPointer
RtlDecompressBuffer
RtlDecompressFragment
RtlDefaultNpAcl
RtlDelete
RtlDeleteAce
RtlDeleteAtomFromAtomTable
RtlDeleteCriticalSection
RtlDeleteElementGenericTable
RtlDeleteElementGenericTableAvl
RtlDeleteNoSplay
RtlDeleteOwnersRanges
RtlDeleteRange
RtlDeleteRegistryValue
RtlDeleteResource
Sections
.text Size: 497KB - Virtual size: 496KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ