4c98c2755a237c8f591f480571ec8eae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c98c2755a237c8f591f480571ec8eae_JaffaCakes118
Size

63KB
MD5

4c98c2755a237c8f591f480571ec8eae
SHA1

6152c6491539fc68d0d1d634956c0fdc4253150f
SHA256

5797da0d06ca1eeb179536dc7627ef7796b0a3f293d9d07be2c4e2043462ca0d
SHA512

ecd09ba36a499e24f1e8345517a952f9c2f3319d8a48e07b1a3dbc64d147e37ee5f88f54222095511f4cdf1eb55c7fdc0317c1fddf0ee8ab5a7b91bbb5e8e03a
SSDEEP

768:AdD+VHBU81HyMTwkG2agIuq8G7NeKrDrlL1Va4AVEBQKuPNg6XcnqtppT:eWHyOSM3V5lq8G7NeKr44zoPtXcnqt/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c98c2755a237c8f591f480571ec8eae_JaffaCakes118

Files

4c98c2755a237c8f591f480571ec8eae_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5a9066da36f611c44b6815fe47f2182c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

U:\PmcplCbm\JerjFlK\OcMMegeILvvPb\qlmajftzo\emviiTiO.pdb

Imports

ntoskrnl.exe

RtlFindClearBits
WmiQueryTraceInformation
SeAccessCheck
RtlFindMostSignificantBit
ZwQuerySymbolicLinkObject
RtlAppendStringToString
RtlCharToInteger
RtlInitAnsiString
RtlOemToUnicodeN
RtlFindLeastSignificantBit
RtlDeleteRegistryValue
SeDeleteObjectAuditAlarm
CcFastCopyWrite
MmUnlockPages
MmMapUserAddressesToPage
FsRtlCheckOplock
FsRtlFastUnlockSingle
RtlCompareUnicodeString
RtlFreeUnicodeString
ZwQueryKey
RtlMultiByteToUnicodeN
RtlCreateUnicodeString
ZwCreateEvent
KeReleaseMutex
RtlCopyString
IoInitializeTimer
ZwMapViewOfSection
IoAllocateErrorLogEntry
KeInitializeApc
RtlEnumerateGenericTable
KePulseEvent
RtlSetBits
FsRtlNotifyInitializeSync
MmAllocateNonCachedMemory
ZwSetSecurityObject
ObfDereferenceObject
KeDetachProcess
SeSetSecurityDescriptorInfo
IoReleaseRemoveLockEx
RtlRandom
PsSetLoadImageNotifyRoutine
IoSetHardErrorOrVerifyDevice
KeWaitForMultipleObjects
FsRtlIsHpfsDbcsLegal
ObInsertObject
MmAllocateContiguousMemory
ExNotifyCallback
RtlInsertUnicodePrefix
IoCheckEaBufferValidity
IofCompleteRequest
ExQueueWorkItem
ExDeletePagedLookasideList
IoConnectInterrupt
KeRemoveQueueDpc
MmCanFileBeTruncated
RtlSubAuthoritySid
KeReadStateEvent
KeSetBasePriorityThread
RtlWriteRegistryValue
KeClearEvent
SePrivilegeCheck
CcMdlWriteAbort
RtlClearBits
PoCallDriver
KeInsertHeadQueue
CcMdlReadComplete
MmMapLockedPages
RtlTimeToSecondsSince1980
RtlGetNextRange
PsCreateSystemThread
RtlInitializeUnicodePrefix
IoDisconnectInterrupt
PsLookupThreadByThreadId
IofCallDriver
ExGetExclusiveWaiterCount
IoRegisterFileSystem
RtlDelete
IoGetDriverObjectExtension
KeQueryTimeIncrement
RtlUpcaseUnicodeString
RtlUpperChar
MmIsDriverVerifying
SeDeassignSecurity
ObfReferenceObject
CcMdlWriteComplete
ProbeForRead
CcUninitializeCacheMap
ZwCreateDirectoryObject
RtlUnicodeStringToAnsiString
IoGetDeviceProperty
KeInsertQueueDpc
SeFreePrivileges
ObQueryNameString
ObGetObjectSecurity
ExCreateCallback
IoGetRelatedDeviceObject
RtlEqualSid
ZwFlushKey
IoGetDeviceAttachmentBaseRef
IoIsOperationSynchronous
RtlEqualString
RtlSetAllBits
ExRaiseAccessViolation
RtlUnicodeStringToOemString
IoCreateFile
KeUnstackDetachProcess
RtlUnicodeToOemN
IoStartNextPacket
IoOpenDeviceRegistryKey
MmUnmapReservedMapping
MmAllocateMappingAddress
CcUnpinData
RtlStringFromGUID
KeQuerySystemTime
IoCreateDevice
IoEnumerateDeviceObjectList
ZwSetValueKey
PsGetVersion
IoReportDetectedDevice
IoSetThreadHardErrorMode
RtlAreBitsSet
IoFreeWorkItem
ObCreateObject
KeInitializeDpc
SeValidSecurityDescriptor
RtlInt64ToUnicodeString
RtlInitString
ExAcquireFastMutexUnsafe
IoBuildPartialMdl
IoThreadToProcess
IoDeleteDevice
ObReleaseObjectSecurity
IoCancelIrp
ExSystemTimeToLocalTime
MmUnsecureVirtualMemory
RtlLengthSecurityDescriptor
IoWMIRegistrationControl
RtlAnsiStringToUnicodeString
ExRaiseStatus
PoStartNextPowerIrp
KeBugCheck
RtlFillMemoryUlong
ZwClose
KeInitializeTimer
RtlxOemStringToUnicodeSize
ObReferenceObjectByHandle
KeSetSystemAffinityThread
MmHighestUserAddress
CcZeroData
IoGetDmaAdapter
MmMapIoSpace
RtlCheckRegistryKey
ExGetSharedWaiterCount
IoVerifyVolume
FsRtlCheckLockForWriteAccess
PsGetCurrentProcess
RtlTimeToSecondsSince1970
PsGetThreadProcessId
PsGetCurrentProcessId
RtlDowncaseUnicodeString
ExUnregisterCallback
IoQueryFileDosDeviceName
ZwEnumerateKey
CcDeferWrite
RtlValidSecurityDescriptor
RtlMapGenericMask
MmGetSystemRoutineAddress
KefAcquireSpinLockAtDpcLevel
ExFreePoolWithTag
PoRequestPowerIrp
IoInitializeRemoveLockEx
RtlCopyLuid
IoCreateStreamFileObject
ZwUnloadDriver
IoWriteErrorLogEntry
IoUnregisterFileSystem
KeInsertByKeyDeviceQueue
KeReadStateTimer
MmSetAddressRangeModified
IoFreeMdl
IoGetStackLimits
KeRestoreFloatingPointState
FsRtlDeregisterUncProvider
MmFreeNonCachedMemory
RtlTimeToTimeFields
IoSetPartitionInformation
ExAllocatePoolWithQuotaTag
RtlHashUnicodeString
IoAllocateMdl
RtlxAnsiStringToUnicodeSize
RtlIntegerToUnicodeString
IoUpdateShareAccess
IoBuildSynchronousFsdRequest
ExDeleteResourceLite
ExUuidCreate
ZwOpenSection
KeSetEvent
ExSetResourceOwnerPointer
RtlFindLongestRunClear
MmFreeMappingAddress
SeImpersonateClientEx
CcIsThereDirtyData
CcRemapBcb
MmPageEntireDriver
KeSetTimerEx
RtlPrefixUnicodeString
ZwDeviceIoControlFile
CcMapData
IoSetStartIoAttributes
SeTokenIsAdmin
IoGetRequestorProcess
RtlUpcaseUnicodeToOemN
ExReleaseResourceLite
RtlGetCallersAddress
MmIsVerifierEnabled
KeReadStateMutex
ZwWriteFile
VerSetConditionMask
SeLockSubjectContext
KdDisableDebugger
KeSetPriorityThread
IoStartPacket
KeDeregisterBugCheckCallback
RtlExtendedIntegerMultiply
PoSetSystemState
RtlInitializeGenericTable
IoGetDeviceToVerify
SeFilterToken
ZwNotifyChangeKey
RtlFindUnicodePrefix
PsChargeProcessPoolQuota
ZwPowerInformation
PoSetPowerState
RtlDeleteElementGenericTable
IoVerifyPartitionTable
SeOpenObjectAuditAlarm
ExInitializeResourceLite
IoReportResourceForDetection
SeQueryInformationToken
ZwReadFile
CcCopyWrite
RtlVerifyVersionInfo
FsRtlCheckLockForReadAccess
RtlAddAccessAllowedAce
IoFreeIrp
CcPurgeCacheSection
IoWMIWriteEvent
KeInitializeTimerEx
FsRtlIsDbcsInExpression
RtlCopySid
IoGetDiskDeviceObject
PsReferencePrimaryToken
IoAcquireCancelSpinLock
ZwLoadDriver
IoMakeAssociatedIrp
MmBuildMdlForNonPagedPool
KeRundownQueue
RtlInitializeBitMap
IoGetBootDiskInformation
RtlVolumeDeviceToDosName
ZwQueryValueKey
KeSetTargetProcessorDpc

Exports

Exports

?KillWindowA@@YGEFPAGNF@Z
?InvalidateDateW@@YGPAKH@Z
?FindTextExA@@YGGPAFEJPAI@Z
?InstallListA@@YGHPAJFE@Z
?LoadSystemOriginal@@YGPAXEPAJ@Z
?GenerateFunctionA@@YGPANKPAGH@Z
?TimerExW@@YGMDM@Z
?CancelHeightOriginal@@YGIMEF@Z
?WindowEx@@YGXFPAJ@Z
?KillFullNameExW@@YGDPADPAG_N@Z
?CloseConfigA@@YGXGPAK@Z
?SendValueA@@YGFPAEPAHPAF_N@Z
?CrtCharOriginal@@YG_NJKM@Z
?FindDateOld@@YGXEHPAFF@Z
?KillMessageA@@YGKPAE@Z
?IncrementTaskExW@@YGHDII@Z
?RtlProfile@@YGPAGMMHH@Z
?AddMutexNew@@YGFE@Z
?AddKeyboardW@@YGPAMGH@Z
?ModifyEventExA@@YGXPAFFHI@Z
?InstallAppNameEx@@YGEMI@Z
?CallModuleEx@@YGEDHPAE@Z
?HideFilePathExA@@YGPAFPAID@Z
?ShowSystemExA@@YGXJDPAN@Z
?KillExpressionExW@@YGXPAD@Z
?RemoveWindow@@YGJDMNN@Z
?LoadListItemEx@@YGXJPADPAE_N@Z
?AddConfigA@@YGXMD@Z
?EnumTimeExA@@YGPAXF@Z
?HideListItemA@@YGPAGPANN@Z
?IncrementRect@@YGM_N@Z
?IsNameExW@@YGIIPAE@Z
?InvalidateKeyboardExA@@YGPAXPAFMDD@Z
?GetKeyboardNew@@YGXM@Z
?GlobalPointerOld@@YGFPAIIE@Z
?DecrementPathExA@@YGPAFPAKPAM@Z

Sections

.text
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 665B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a9066da36f611c44b6815fe47f2182c

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 50KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 665B

.data Size: 29KB - Virtual size: 29KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 656B

.text
Size: 22KB - Virtual size: 50KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 665B

.data
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 656B