4c3ac69f77c13843b8da68fbabc84d45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c3ac69f77c13843b8da68fbabc84d45_JaffaCakes118
Size

443KB
MD5

4c3ac69f77c13843b8da68fbabc84d45
SHA1

d1fd7596804d5b012acd47f0f1cf4e130d198b5a
SHA256

7e5df164b802fef85cf853c9b8cf862d5dc949c470f6069a43b320ab3d6f754d
SHA512

f073c0c2029975c7195415fe82d8cf0dbf2ea9c6d0ee3ae8cff714dd77a08a7e164d60d3a91b4ed7f219022b9219b2d370a96ce18f9e50631b54af4eebb8f08b
SSDEEP

6144:4+OfjMbA96Vid9szw77k6M8i1cES128JV3Lk1q13+pKSSFxi8d0Q7kTUxYcZkdQR:4PJs0MO128JtpuY9ccSI8tAZH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c3ac69f77c13843b8da68fbabc84d45_JaffaCakes118

Files

4c3ac69f77c13843b8da68fbabc84d45_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1d3f555c813849a985487b14f16fed05

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\zxEsQiKxgTnT\renRQtngfjp\bnjmrnyNyYYVxk\eUuSpmykrmyELp.pdb

Imports

ntoskrnl.exe

MmAllocateContiguousMemory
ExFreePoolWithTag
FsRtlGetNextFileLock
FsRtlAllocateFileLock
IoIsWdmVersionAvailable
KeSetImportanceDpc
ExAllocatePoolWithQuotaTag
IoGetDeviceInterfaces
RtlCompareMemory
KdEnableDebugger
RtlUnicodeToOemN
IoGetAttachedDeviceReference
ExSetResourceOwnerPointer
KeSynchronizeExecution
RtlFindLeastSignificantBit
RtlFindMostSignificantBit
RtlCopySid
IoDeleteSymbolicLink
RtlFindClearBits
MmSecureVirtualMemory
RtlValidSecurityDescriptor
RtlVerifyVersionInfo
ProbeForRead
ZwQueryInformationFile
MmLockPagableSectionByHandle
SeAssignSecurity
MmUnmapIoSpace
KeInsertByKeyDeviceQueue
RtlInitializeSid
ExInitializeResourceLite
ExReleaseResourceLite
RtlRemoveUnicodePrefix
IoCheckQuotaBufferValidity
SeValidSecurityDescriptor
IoDetachDevice
ExUuidCreate
ExAcquireFastMutexUnsafe
ExRaiseAccessViolation
IoAllocateWorkItem
RtlCompareString
IoCreateSynchronizationEvent
MmUnsecureVirtualMemory
CcSetBcbOwnerPointer
IoStopTimer
RtlAnsiCharToUnicodeChar
IoMakeAssociatedIrp
KeEnterCriticalRegion
RtlSecondsSince1980ToTime
KeSetTargetProcessorDpc
KeReadStateTimer
IoReuseIrp
RtlFindNextForwardRunClear
IoRegisterDeviceInterface
IoAllocateMdl
IoFreeIrp
KeInitializeApc
RtlLengthSecurityDescriptor
SeQueryInformationToken
ExIsProcessorFeaturePresent
KeCancelTimer
CcCopyRead
MmForceSectionClosed
IoDeleteController
ZwQueryKey
RtlFindLastBackwardRunClear
SeOpenObjectAuditAlarm
RtlFillMemoryUlong
IoGetDeviceObjectPointer
PsGetVersion
PoSetSystemState
CcDeferWrite
ZwOpenSection
KeSetTimerEx
PsLookupProcessByProcessId
ZwDeleteValueKey
FsRtlLookupLastLargeMcbEntry
IoStartTimer
RtlFindSetBits
IoGetDeviceToVerify
IoSetDeviceInterfaceState
FsRtlFreeFileLock
KePulseEvent
IoDisconnectInterrupt
KeRemoveDeviceQueue
IoStartPacket
KeInsertQueueDpc
CcFastCopyWrite
KeInsertQueue
IoCheckEaBufferValidity
RtlMultiByteToUnicodeN
KeInitializeTimer
RtlUpcaseUnicodeToOemN
RtlFindLongestRunClear
CcPreparePinWrite
CcFastCopyRead
KeDelayExecutionThread
RtlNtStatusToDosError
SeQueryAuthenticationIdToken
ZwOpenProcess
ExFreePool
IoGetStackLimits
KeBugCheck
ExGetExclusiveWaiterCount
KeRemoveByKeyDeviceQueue
KeInitializeSpinLock
ExRaiseDatatypeMisalignment
ExDeleteResourceLite
MmFreePagesFromMdl
IoInitializeIrp
ZwCreateKey
KeQueryTimeIncrement
ExDeleteNPagedLookasideList
IoReleaseCancelSpinLock
PoRegisterSystemState
RtlUpperString
IoAllocateIrp
FsRtlCheckLockForReadAccess
KeStackAttachProcess
RtlAppendStringToString
RtlTimeFieldsToTime
IoGetRequestorProcessId
CcCopyWrite
KeInitializeTimerEx
RtlUnicodeToMultiByteN
RtlCopyString
ExSetTimerResolution
IoSetSystemPartition
ExLocalTimeToSystemTime
SeSinglePrivilegeCheck
ZwOpenKey
RtlSubAuthoritySid
RtlQueryRegistryValues
PoRequestPowerIrp
RtlMapGenericMask
RtlFindUnicodePrefix
RtlDeleteNoSplay
IoFreeController
ZwQueryVolumeInformationFile
IoWMIRegistrationControl
KeLeaveCriticalRegion
MmSetAddressRangeModified
RtlInitAnsiString
RtlInt64ToUnicodeString
KeRundownQueue
PsIsThreadTerminating
ObCreateObject
IoCreateNotificationEvent
SeDeleteObjectAuditAlarm
SeCaptureSubjectContext
PsGetCurrentThreadId
RtlAreBitsClear
ExRegisterCallback
IoStartNextPacket
PsGetCurrentProcess
RtlUnicodeStringToAnsiString
KeReadStateMutex
ZwQueryValueKey
KeInsertDeviceQueue
ZwDeleteKey
RtlEqualString
FsRtlFastUnlockSingle
ZwOpenSymbolicLinkObject
RtlSetAllBits
FsRtlCheckLockForWriteAccess
RtlTimeToSecondsSince1970
SeCreateClientSecurity
CcUnpinDataForThread
RtlAnsiStringToUnicodeString
CcIsThereDirtyData
SeImpersonateClientEx
RtlCopyLuid
MmUnlockPagableImageSection
RtlInitializeBitMap
ZwFreeVirtualMemory
MmMapIoSpace
ObReferenceObjectByHandle
MmGetSystemRoutineAddress
RtlCopyUnicodeString
MmSizeOfMdl
MmPageEntireDriver
KeQuerySystemTime
ZwFlushKey
KeSetPriorityThread
RtlInitUnicodeString
ExAllocatePoolWithTag
ExReleaseFastMutexUnsafe
RtlxAnsiStringToUnicodeSize
FsRtlNotifyInitializeSync
RtlEnumerateGenericTable
KeReleaseSemaphore
MmIsDriverVerifying
ZwEnumerateValueKey
RtlOemStringToUnicodeString
CcFastMdlReadWait
RtlSetDaclSecurityDescriptor
ZwFsControlFile
IoQueueWorkItem
FsRtlSplitLargeMcb
ZwOpenFile
ZwMapViewOfSection
RtlGetNextRange
IoGetBootDiskInformation
KeWaitForMultipleObjects
RtlInsertUnicodePrefix
IoBuildSynchronousFsdRequest
ZwReadFile
ExAcquireResourceSharedLite
PoStartNextPowerIrp
ZwQueryObject
MmQuerySystemSize
RtlFreeAnsiString
IoSetThreadHardErrorMode
ZwEnumerateKey
IoReportDetectedDevice
IoRequestDeviceEject
ZwClose
IoSetShareAccess
IoUpdateShareAccess
IoCreateFile
FsRtlDeregisterUncProvider
ZwCreateFile
MmMapLockedPagesSpecifyCache
RtlInitializeUnicodePrefix
IoOpenDeviceRegistryKey
ExRaiseStatus
KeRemoveQueueDpc
KeSetTimer
ZwQuerySymbolicLinkObject
ObQueryNameString
RtlAddAccessAllowedAceEx
ObGetObjectSecurity
ExReinitializeResourceLite
RtlInitString
RtlPrefixUnicodeString
IoGetDriverObjectExtension
IoCreateStreamFileObjectLite
MmLockPagableDataSection
RtlEqualSid
IoCreateSymbolicLink
IoCreateDevice
IoFreeMdl
KeClearEvent
IoAllocateErrorLogEntry
MmUnmapLockedPages
RtlLengthRequiredSid
ZwMakeTemporaryObject
KeFlushQueuedDpcs
KeInitializeDeviceQueue
IoGetDeviceProperty
RtlWriteRegistryValue
ExSystemTimeToLocalTime
KeRemoveEntryDeviceQueue
IoRemoveShareAccess
KeDeregisterBugCheckCallback
ExVerifySuite

Sections

.text
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d3f555c813849a985487b14f16fed05

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 33KB - Virtual size: 36KB

.i_txt Size: 1024B - Virtual size: 1024B

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 1024B - Virtual size: 764B

.data Size: 25KB - Virtual size: 56KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 1024B - Virtual size: 656B

.text
Size: 33KB - Virtual size: 36KB

.i_txt
Size: 1024B - Virtual size: 1024B

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 1024B - Virtual size: 764B

.data
Size: 25KB - Virtual size: 56KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 1024B - Virtual size: 656B