5a16aeff63726352a954b6c10a9831f9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5a16aeff63726352a954b6c10a9831f9_JaffaCakes118
Size

159KB
MD5

5a16aeff63726352a954b6c10a9831f9
SHA1

420a6cc2a1a2b32edaf01d9b8e40bb98c2080718
SHA256

010f43a3265bb2657e60475f467403a5221d385b1dd64e64c3c7bcece094c964
SHA512

2472f8c051a29dc6f63bc4a733cdcccbc30b92ba69be465c6bf64e0899e537b1b25fd5d726d2aca16255a8be8d3554d2cc1857661de188fb1d86377981c49aea
SSDEEP

3072:cCaVbFCubeuTmDkESmP6Y0Dv0DzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:cChua2mowzwA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a16aeff63726352a954b6c10a9831f9_JaffaCakes118

Files

5a16aeff63726352a954b6c10a9831f9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

33a199df9ab35217eb6d46f7d385b44e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\foJdbtrolK\yoOlgayxmTsa\EsclLjwLsyvu.pdb

Imports

ntoskrnl.exe

RtlWriteRegistryValue
IoFreeMdl
RtlMultiByteToUnicodeN
CcGetFileObjectFromBcb
MmIsThisAnNtAsSystem
IoAcquireCancelSpinLock
RtlUnicodeStringToInteger
RtlDeleteRegistryValue
MmHighestUserAddress
IoGetTopLevelIrp
ObReferenceObjectByHandle
ZwEnumerateKey
ObReferenceObjectByPointer
ExRaiseDatatypeMisalignment
RtlCopySid
FsRtlCheckLockForReadAccess
KeGetCurrentThread
ZwPowerInformation
IoVerifyVolume
KeReadStateTimer
KeInitializeSemaphore
IoConnectInterrupt
CcFlushCache
ZwMapViewOfSection
IoRemoveShareAccess
RtlGenerate8dot3Name
RtlFindSetBits
IoWriteErrorLogEntry
ZwAllocateVirtualMemory
KdDisableDebugger
RtlFindNextForwardRunClear
RtlRandom
MmMapUserAddressesToPage
ZwNotifyChangeKey
MmMapLockedPages
ExDeletePagedLookasideList
KeReleaseSemaphore
ZwClose
ZwCreateKey
PsSetLoadImageNotifyRoutine
KeRevertToUserAffinityThread
ExGetExclusiveWaiterCount
IoWritePartitionTableEx
IoFreeErrorLogEntry
SeCreateClientSecurity
MmPageEntireDriver
IoCreateSynchronizationEvent
RtlFindClearRuns
PoCallDriver
KeReadStateEvent
SePrivilegeCheck
ObfDereferenceObject
RtlTimeToTimeFields
KeQueryActiveProcessors
KeQuerySystemTime
CcFastCopyRead
IoIsSystemThread
KeSetKernelStackSwapEnable
FsRtlCheckLockForWriteAccess
RtlCompareMemory
RtlUpperString
RtlStringFromGUID
MmFreeMappingAddress
SeReleaseSubjectContext
KeInitializeMutex
IoInitializeIrp
SeAppendPrivileges
ExInitializeResourceLite
RtlSubAuthoritySid
IoAllocateController
IoDisconnectInterrupt
RtlFreeOemString
KeInitializeApc
ZwSetSecurityObject
RtlGetNextRange
KeInitializeDpc
RtlDowncaseUnicodeString
IoReadDiskSignature
MmQuerySystemSize
ProbeForRead
KeInsertQueueDpc
KeInsertHeadQueue
FsRtlMdlWriteCompleteDev
IoCreateDisk
IoStopTimer
ExGetSharedWaiterCount
MmGetSystemRoutineAddress
RtlUpcaseUnicodeChar
MmAddVerifierThunks
RtlUnicodeToOemN
RtlGetCallersAddress
RtlRemoveUnicodePrefix
IoInitializeRemoveLockEx
RtlUnicodeToMultiByteN
IoStartTimer
IoGetDeviceToVerify
KeReadStateSemaphore
KeRemoveDeviceQueue
ZwCreateSection
ExUuidCreate
IoReportResourceForDetection
RtlSetBits
MmUnmapIoSpace
PoRequestPowerIrp
ZwOpenFile
FsRtlIsFatDbcsLegal
IoQueueWorkItem
CcIsThereDirtyData
IoSetPartitionInformationEx
KeDetachProcess
ExDeleteNPagedLookasideList
CcMdlWriteComplete
RtlAreBitsClear
CcSetReadAheadGranularity
IoRaiseHardError
IoReleaseCancelSpinLock
IoReportDetectedDevice
FsRtlFreeFileLock
RtlAnsiStringToUnicodeString
MmMapLockedPagesSpecifyCache
CcMapData
KeReleaseMutex
KeFlushQueuedDpcs
SeSinglePrivilegeCheck
RtlFindUnicodePrefix
RtlGetVersion
PsGetProcessExitTime
IoGetDiskDeviceObject
IoAllocateMdl
ExIsProcessorFeaturePresent
RtlUpperChar
MmAllocateMappingAddress
RtlClearAllBits
IoReleaseRemoveLockAndWaitEx
ExAllocatePool
CcUnpinDataForThread
ZwCreateFile
IoGetDeviceObjectPointer
RtlAddAccessAllowedAceEx
ZwQueryKey
KePulseEvent
RtlFreeAnsiString
KeClearEvent
ZwOpenSymbolicLinkObject
IoOpenDeviceRegistryKey
IoUpdateShareAccess
IoInitializeTimer
RtlFillMemoryUlong
ExLocalTimeToSystemTime
IoDeleteController
KeInitializeDeviceQueue
FsRtlFastCheckLockForRead
IoDetachDevice
MmSetAddressRangeModified
RtlEqualString
KeInitializeSpinLock
RtlSetDaclSecurityDescriptor
ObfReferenceObject
SeDeleteObjectAuditAlarm
RtlxAnsiStringToUnicodeSize
MmGetPhysicalAddress
ExAllocatePoolWithQuotaTag
CcZeroData
IoInvalidateDeviceRelations
RtlInitUnicodeString
CcDeferWrite
IoSetDeviceToVerify
KeRegisterBugCheckCallback
FsRtlFastUnlockSingle
KeLeaveCriticalRegion
KeInsertByKeyDeviceQueue
PsDereferencePrimaryToken
CcMdlWriteAbort
DbgPrompt
RtlFindClearBitsAndSet
KeBugCheckEx
RtlInitializeGenericTable
PsChargeProcessPoolQuota
IoVerifyPartitionTable
RtlSecondsSince1980ToTime
KeCancelTimer
IoThreadToProcess
SeOpenObjectAuditAlarm
RtlLengthRequiredSid
CcSetDirtyPinnedData
KeQueryTimeIncrement
IoAcquireRemoveLockEx
IoAllocateErrorLogEntry
IoAcquireVpbSpinLock
KeUnstackDetachProcess
IoBuildPartialMdl
RtlNtStatusToDosError
KeReadStateMutex
ZwQueryVolumeInformationFile
IoAllocateAdapterChannel
IoSetStartIoAttributes
ExAllocatePoolWithTag
KeEnterCriticalRegion
KdEnableDebugger
ObQueryNameString
IoGetDmaAdapter
RtlAnsiCharToUnicodeChar
RtlCreateUnicodeString
RtlFindLastBackwardRunClear
KeSetTimerEx
RtlCopyLuid
CcFastCopyWrite
IoRegisterDeviceInterface
IoInvalidateDeviceState
MmBuildMdlForNonPagedPool
ExReleaseResourceLite
KeSetImportanceDpc
CcSetBcbOwnerPointer
IoWMIWriteEvent
RtlCreateSecurityDescriptor
KeInsertQueue
SeCaptureSubjectContext
ZwCreateEvent
MmSizeOfMdl
MmAllocateNonCachedMemory
IoCreateNotificationEvent
KeRemoveQueueDpc
IoGetAttachedDevice
RtlFindClearBits
IoGetDriverObjectExtension
FsRtlLookupLastLargeMcbEntry
MmFreeContiguousMemory
PoUnregisterSystemState
IoGetCurrentProcess
SeUnlockSubjectContext
IoSetThreadHardErrorMode
RtlExtendedIntegerMultiply
RtlHashUnicodeString
RtlDeleteElementGenericTable
SeAccessCheck
IoWMIRegistrationControl
FsRtlCheckOplock
ZwOpenKey
DbgBreakPointWithStatus
KeInitializeQueue
RtlTimeToSecondsSince1970
RtlCreateAcl
FsRtlIsTotalDeviceFailure
PsGetCurrentThread
CcMdlRead
MmUnmapLockedPages
ObMakeTemporaryObject
KefAcquireSpinLockAtDpcLevel
ExFreePoolWithTag
KeInitializeTimerEx
ZwSetValueKey
ExRaiseAccessViolation
RtlInitializeUnicodePrefix
IoGetRequestorProcess
KeAttachProcess
IoCreateStreamFileObject
MmUnmapReservedMapping
CcCanIWrite
MmProbeAndLockProcessPages
ExRegisterCallback
RtlFindLeastSignificantBit

Exports

Exports

?IsSemaphoreOriginal@@YGIJNPAM<V
?InsertWidthW@@YGGIFHE<V
?CrtComponent@@YGEPAEPAFN<V
?FreeStringExA@@YGPAXMM<V
?SendPointerExA@@YGPAHPAM_N_NF<V
?InstallProviderNew@@YGDGE<V

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33a199df9ab35217eb6d46f7d385b44e

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 10KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 824B

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 10KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 824B