4db4ac3e27c6509f2711db9cf7cad533_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4db4ac3e27c6509f2711db9cf7cad533_JaffaCakes118
Size

440KB
MD5

4db4ac3e27c6509f2711db9cf7cad533
SHA1

e542d6bfc6c3435a5bf603d4496596791e46c082
SHA256

2d0ae1ed29923a1a2629bd0eb352dc74fa4f3a3536e40207053d9a6628f606fa
SHA512

606c4e0144e8b4671f14f76c00af6860e0089d8b00bcf2804dfae9c2b610105d8b13a654eb778fbdf539e3265f49076d1bafb5af28e89c6bc3978dcdffb85467
SSDEEP

6144:VfuCrxaM/mg1AV+qhBodU6hgMMQj9FegLn8CG4I8nzLE64FnfslzfnSKhH:VWOaJg+hBodU6mML9Fege4I02fqzv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4db4ac3e27c6509f2711db9cf7cad533_JaffaCakes118

Files

4db4ac3e27c6509f2711db9cf7cad533_JaffaCakes118
.dll windows:5 windows x86 arch:x86

02ef1047b311e950562876194c85b019

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\hmtafgneyd\TxBcVqbdnhxSkx\hlzglOoe\qHGxWDEDTawm\ndodLwazFtcZzQ.pdb

Imports

ntoskrnl.exe

RtlCreateUnicodeString
IoQueryDeviceDescription
KeRemoveQueue
RtlSetBits
IoCheckQuotaBufferValidity
SePrivilegeCheck
RtlTimeToSecondsSince1970
SeTokenIsAdmin
RtlFindMostSignificantBit
PsChargeProcessPoolQuota
IoInitializeTimer
KeGetCurrentThread
SeFilterToken
ExAcquireResourceSharedLite
CcRepinBcb
ZwQueryKey
RtlDelete
IoBuildPartialMdl
PsGetCurrentThread
RtlNumberOfClearBits
IoReadDiskSignature
IoAllocateErrorLogEntry
KefAcquireSpinLockAtDpcLevel
KeSetSystemAffinityThread
RtlInitAnsiString
IoSetPartitionInformationEx
KeRemoveByKeyDeviceQueue
KeRestoreFloatingPointState
RtlSplay
ZwOpenSymbolicLinkObject
ExGetPreviousMode
RtlSetAllBits
IoIsOperationSynchronous
FsRtlIsFatDbcsLegal
ZwSetValueKey
ZwWriteFile
KeInitializeDeviceQueue
MmIsThisAnNtAsSystem
RtlFillMemoryUlong
ZwOpenFile
IoGetDriverObjectExtension
MmProbeAndLockPages
IoRegisterDeviceInterface
MmQuerySystemSize
ExVerifySuite
PsCreateSystemThread
ZwCreateDirectoryObject
MmHighestUserAddress
KeReadStateEvent
RtlDowncaseUnicodeString
RtlSubAuthoritySid
RtlInitializeUnicodePrefix
CcUnpinData
MmSecureVirtualMemory
RtlEqualSid
ZwMakeTemporaryObject
MmCanFileBeTruncated
FsRtlIsTotalDeviceFailure
ZwMapViewOfSection
RtlAnsiStringToUnicodeString
KeLeaveCriticalRegion
IoWMIRegistrationControl
IoGetDeviceToVerify
RtlEnumerateGenericTable
KeUnstackDetachProcess
MmUnmapIoSpace
RtlCharToInteger
IoVerifyVolume
RtlQueryRegistryValues
ExReleaseResourceLite
MmFreePagesFromMdl
ExFreePool
ZwOpenProcess
ZwQueryInformationFile
SeUnlockSubjectContext
KeWaitForSingleObject
SeSetSecurityDescriptorInfo
ExSetTimerResolution
IoFreeController
RtlFindClearRuns
IoInvalidateDeviceState
RtlValidSecurityDescriptor
FsRtlIsDbcsInExpression
KeSaveFloatingPointState
PsGetCurrentThreadId
MmMapLockedPagesSpecifyCache
IoDeviceObjectType
MmAddVerifierThunks
ExCreateCallback
RtlEqualString
ZwQueryObject
IoReleaseCancelSpinLock
PsReturnPoolQuota
MmProbeAndLockProcessPages
IoCsqRemoveIrp
RtlCopyLuid
RtlOemToUnicodeN
CcCanIWrite
ObReferenceObjectByHandle
ProbeForWrite
PoSetSystemState
ExInitializeResourceLite
KeRundownQueue
MmPageEntireDriver
IoGetDeviceInterfaces
KeInitializeQueue
ExAllocatePoolWithQuota
IoGetLowerDeviceObject
ExSystemTimeToLocalTime
IoGetBootDiskInformation
IoCreateFile
ZwCreateEvent
RtlxAnsiStringToUnicodeSize
KeRemoveDeviceQueue
KeInsertQueueDpc
IoWMIWriteEvent
MmAdvanceMdl
IoGetTopLevelIrp
KeSetKernelStackSwapEnable
RtlHashUnicodeString
PoSetPowerState
PsTerminateSystemThread
CcUnpinRepinnedBcb
KeQueryActiveProcessors
RtlNtStatusToDosError
RtlPrefixUnicodeString
FsRtlNotifyUninitializeSync
MmMapLockedPages
RtlFindSetBits
CcFastMdlReadWait
IoFreeWorkItem
IoGetDmaAdapter
IofCompleteRequest
RtlGUIDFromString
CcUninitializeCacheMap
FsRtlFastUnlockSingle
ExSetResourceOwnerPointer
SeCreateClientSecurity
KeFlushQueuedDpcs
ExQueueWorkItem
CcCopyWrite
RtlMultiByteToUnicodeN
IoUpdateShareAccess
IoCreateSynchronizationEvent
KeRemoveEntryDeviceQueue
IoSetDeviceToVerify
CcFastCopyWrite
SeQueryAuthenticationIdToken
RtlVerifyVersionInfo
RtlSetDaclSecurityDescriptor
MmGetPhysicalAddress
IoStartPacket
ExRaiseAccessViolation
CcMdlWriteComplete
ZwDeleteKey
RtlRandom
MmAllocatePagesForMdl
RtlTimeToSecondsSince1980
ExDeleteNPagedLookasideList
FsRtlLookupLastLargeMcbEntry
KeSetTargetProcessorDpc
ExReleaseFastMutexUnsafe
KeBugCheckEx
RtlDeleteNoSplay
IoOpenDeviceRegistryKey
IoWritePartitionTableEx
RtlIsNameLegalDOS8Dot3
MmResetDriverPaging
KeDelayExecutionThread
ZwFreeVirtualMemory
ZwSetVolumeInformationFile
IoCreateDevice
RtlClearBits
RtlUpcaseUnicodeString
KeSetBasePriorityThread
ExRegisterCallback
KeQueryTimeIncrement
RtlClearAllBits
RtlMapGenericMask
ObCreateObject
RtlCopyUnicodeString
ExFreePoolWithTag
PoCallDriver
RtlInitString
PsImpersonateClient
KeInsertQueue
KeSetEvent
IoConnectInterrupt
ZwDeviceIoControlFile
KeDeregisterBugCheckCallback
PoRegisterSystemState
RtlUnicodeStringToInteger
CcCopyRead
CcMdlReadComplete
CcPreparePinWrite
ZwFlushKey
KeInsertByKeyDeviceQueue
RtlxUnicodeStringToAnsiSize
FsRtlFreeFileLock
IoRequestDeviceEject
IoSetSystemPartition
RtlIntegerToUnicodeString
ZwAllocateVirtualMemory
IoFreeErrorLogEntry
KeResetEvent
SeLockSubjectContext
ObReleaseObjectSecurity
IoVerifyPartitionTable
MmAllocateMappingAddress
IoDeleteSymbolicLink
IoGetAttachedDevice
IoGetDeviceAttachmentBaseRef
PoStartNextPowerIrp
FsRtlAllocateFileLock
KeEnterCriticalRegion
RtlSecondsSince1970ToTime
FsRtlMdlWriteCompleteDev
RtlxOemStringToUnicodeSize
IoReleaseRemoveLockEx
CcMdlWriteAbort
FsRtlNotifyInitializeSync
CcPurgeCacheSection
PsLookupThreadByThreadId
FsRtlIsHpfsDbcsLegal
ExUnregisterCallback
IoCheckShareAccess
CcSetReadAheadGranularity
RtlInitializeBitMap
ZwNotifyChangeKey
MmBuildMdlForNonPagedPool
KeInitializeSpinLock
ExRaiseDatatypeMisalignment
SeSinglePrivilegeCheck
RtlAreBitsClear
SeAssignSecurity
RtlFreeAnsiString
ExAcquireFastMutexUnsafe
MmGetSystemRoutineAddress
ZwSetSecurityObject
PsGetThreadProcessId
RtlUnicodeToMultiByteN
RtlFreeUnicodeString
ZwQueryValueKey
RtlAppendUnicodeToString
IoGetDeviceProperty
KeWaitForMultipleObjects
KeSetTimer
KeSynchronizeExecution
CcGetFileObjectFromBcb
KeInsertHeadQueue
ZwPowerInformation
KeInitializeApc
CcSetFileSizes
KeReleaseSemaphore
IoAcquireCancelSpinLock
IoEnumerateDeviceObjectList
IoCreateStreamFileObjectLite
ExGetSharedWaiterCount
ZwUnloadDriver

Exports

Exports

?HideClass@@YGPAEPAFIH]A
?GetTimeW@@YGPAK_NPAFPAE]A

Sections

.text
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dbg
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02ef1047b311e950562876194c85b019

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 43KB

.dbg Size: 512B - Virtual size: 94B

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 688B

.text
Size: 29KB - Virtual size: 43KB

.dbg
Size: 512B - Virtual size: 94B

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 688B