60e0c76dab80076d75d19a839aa5d840_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

60e0c76dab80076d75d19a839aa5d840_JaffaCakes118
Size

61KB
MD5

60e0c76dab80076d75d19a839aa5d840
SHA1

d4ffcca7cb2f886d9dc8729c9e6ae6e41f329bc0
SHA256

ed1e1e97ccaf598c5aa11c0b58aa78e1887b8199efd3251116573ee270472586
SHA512

8103a0cbd7341e1a4f84aad5b34767af14ebd9c9ab6e9ca5280443eca7d30c3e3ac8cd75638d8de427490ca53dd1268b8a7fd7c94b0f1fc6dc9b10cc5d556aeb
SSDEEP

768:VBhe4tujjKsBQfMKlYBOEWNBJrMZ7wADrlL1Va4AVdyjACKwbs2j+t:siax4CBhAMZ7B44e2Lj+t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60e0c76dab80076d75d19a839aa5d840_JaffaCakes118

Files

60e0c76dab80076d75d19a839aa5d840_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9ea5773de9a144ce1280e7ccd824dc6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\pHtPtwYybEvmjD\zkjlqlxy\tRlvlcCtsxmVHn.pdb

Imports

ntoskrnl.exe

IoGetDeviceToVerify
RtlGUIDFromString
ExGetPreviousMode
RtlInitAnsiString
KeSetPriorityThread
ZwPowerInformation
IoThreadToProcess
KeBugCheck
PoSetPowerState
ExAllocatePoolWithQuotaTag
MmAllocateNonCachedMemory
MmHighestUserAddress
IoIsSystemThread
IoDeleteController
RtlGenerate8dot3Name
MmAddVerifierThunks
FsRtlSplitLargeMcb
IoWMIWriteEvent
RtlFreeUnicodeString
FsRtlIsTotalDeviceFailure
RtlRandom
CcPurgeCacheSection
FsRtlFreeFileLock
RtlAnsiCharToUnicodeChar
ZwEnumerateKey
RtlTimeToSecondsSince1980
KeLeaveCriticalRegion
PsGetProcessExitTime
IoCreateDevice
IoFreeErrorLogEntry
KeInitializeEvent
KeDetachProcess
IoDeleteDevice
FsRtlNotifyUninitializeSync
IoSetStartIoAttributes
MmUnlockPagableImageSection
ObReferenceObjectByHandle
IoQueryFileDosDeviceName
RtlInitString
ExGetExclusiveWaiterCount
RtlNumberOfClearBits
CcPreparePinWrite
ZwFlushKey
RtlLengthSid
RtlFindNextForwardRunClear
ExFreePool
KeQueryTimeIncrement
RtlFindMostSignificantBit
KeInitializeSpinLock
RtlAppendUnicodeToString
CcSetFileSizes
ZwQueryValueKey
IoRegisterDeviceInterface
RtlHashUnicodeString
IoReportResourceForDetection
IoSetPartitionInformation
ExUnregisterCallback
MmPageEntireDriver
MmForceSectionClosed
RtlCompareMemory
IoReleaseRemoveLockEx
IoInitializeTimer
KeInitializeSemaphore
IoStartPacket
RtlAnsiStringToUnicodeString
CcCopyWrite
RtlVerifyVersionInfo
IoBuildSynchronousFsdRequest
RtlMapGenericMask
RtlCreateSecurityDescriptor
IoCheckShareAccess
IoCreateSymbolicLink
FsRtlCheckOplock
DbgPrompt
CcDeferWrite
RtlGetCallersAddress
ZwLoadDriver
KeRegisterBugCheckCallback
ZwOpenSection
ExSetResourceOwnerPointer
MmSizeOfMdl
RtlFindClearBitsAndSet
MmAllocateMappingAddress
IoInitializeRemoveLockEx
RtlUnicodeToOemN
IoCreateStreamFileObjectLite
RtlAddAccessAllowedAceEx
PsDereferencePrimaryToken
CcRemapBcb
IoCheckQuotaBufferValidity
IoGetRelatedDeviceObject
IoFreeMdl
IoWritePartitionTableEx
KdDisableDebugger
IoAllocateMdl
CcGetFileObjectFromBcb
FsRtlFastUnlockSingle
RtlGetNextRange
RtlFindClearBits
RtlUpcaseUnicodeString
RtlDeleteElementGenericTable
KeBugCheckEx
SeAppendPrivileges
CcMdlWriteComplete
RtlSecondsSince1970ToTime
DbgBreakPoint
RtlStringFromGUID
RtlCreateRegistryKey
IoGetAttachedDeviceReference
RtlPrefixUnicodeString
ExVerifySuite
IoGetDmaAdapter
KeEnterCriticalRegion
IoCheckEaBufferValidity
KeInitializeTimerEx
CcUnpinDataForThread
MmQuerySystemSize
CcUninitializeCacheMap
KeReadStateSemaphore
PoUnregisterSystemState
ObReferenceObjectByPointer
PsLookupThreadByThreadId
IoSetTopLevelIrp
ZwOpenSymbolicLinkObject
FsRtlCheckLockForWriteAccess
KeReleaseSemaphore
KeSetEvent
MmMapIoSpace
RtlOemStringToUnicodeString
RtlSetDaclSecurityDescriptor
KeSetTimerEx
RtlGetVersion
SeFreePrivileges
KeStackAttachProcess
SeImpersonateClientEx
ProbeForWrite
RtlCreateUnicodeString
ZwDeleteKey
KeCancelTimer
IoDisconnectInterrupt
IoSetDeviceInterfaceState
FsRtlIsDbcsInExpression
MmFreeContiguousMemory
CcUnpinData
MmGetPhysicalAddress
IoOpenDeviceRegistryKey
ZwSetValueKey
KeInitializeMutex
CcPinMappedData
IoCsqRemoveIrp
MmLockPagableSectionByHandle
ZwCreateDirectoryObject
MmUnlockPages
SeAccessCheck
RtlTimeToTimeFields
CcZeroData
SeAssignSecurity
RtlOemToUnicodeN
FsRtlLookupLastLargeMcbEntry
KeDelayExecutionThread
RtlValidSid
CcMdlWriteAbort
IoAcquireRemoveLockEx
IoAllocateIrp
IoDetachDevice
ExDeleteNPagedLookasideList
SeQueryAuthenticationIdToken
MmAllocateContiguousMemory
CcMdlReadComplete
ExAcquireFastMutexUnsafe
RtlFindLeastSignificantBit
RtlFindLongestRunClear
IoAcquireVpbSpinLock
ZwQueryVolumeInformationFile
IoQueryDeviceDescription
RtlUpperString
IoCreateDisk
RtlDowncaseUnicodeString
IoReportDetectedDevice
IoGetDiskDeviceObject
RtlValidSecurityDescriptor
ZwAllocateVirtualMemory
IoRegisterFileSystem
IoSetSystemPartition
ExQueueWorkItem
MmUnmapIoSpace
KeInsertDeviceQueue
PsRevertToSelf
IoCreateSynchronizationEvent
ZwMakeTemporaryObject
ExAcquireResourceSharedLite
IoConnectInterrupt
IoGetDriverObjectExtension
KeGetCurrentThread
IoDeviceObjectType
RtlMultiByteToUnicodeN
RtlUpcaseUnicodeToOemN
RtlxUnicodeStringToAnsiSize
KeSetImportanceDpc
KeInsertQueueDpc
IoWriteErrorLogEntry
ObfDereferenceObject
RtlCompareString
RtlEqualSid
IoRaiseHardError
RtlUpperChar
PsGetCurrentThread
RtlQueryRegistryValues
IoWMIRegistrationControl
ExReleaseFastMutexUnsafe
ExRaiseStatus
RtlxOemStringToUnicodeSize
KeUnstackDetachProcess
KeWaitForSingleObject
RtlUnicodeToMultiByteN
RtlInitializeSid
KeSetTargetProcessorDpc
ExDeletePagedLookasideList
RtlFindSetBits
ExReleaseResourceLite
SeCreateClientSecurity
RtlFindLastBackwardRunClear
IoCancelIrp
IoUpdateShareAccess
IoUnregisterFileSystem
IoStopTimer
PsSetLoadImageNotifyRoutine
IoRequestDeviceEject
MmCanFileBeTruncated
FsRtlIsHpfsDbcsLegal
KeSetKernelStackSwapEnable
SeUnlockSubjectContext
RtlClearAllBits
ObQueryNameString
RtlDelete
SeLockSubjectContext
MmMapLockedPages
SeSetSecurityDescriptorInfo
IoReadDiskSignature
KeQueryActiveProcessors
IoGetRequestorProcess
RtlInitializeUnicodePrefix
ObMakeTemporaryObject
RtlSetAllBits
ZwMapViewOfSection
ExSetTimerResolution
PsTerminateSystemThread
ExDeleteResourceLite
IoSetDeviceToVerify
RtlFindUnicodePrefix
KeRundownQueue
IoSetThreadHardErrorMode
RtlLengthRequiredSid
KeInitializeDeviceQueue
KeSynchronizeExecution
MmBuildMdlForNonPagedPool
MmGetSystemRoutineAddress
CcUnpinRepinnedBcb
RtlEnumerateGenericTable
CcPinRead
RtlRemoveUnicodePrefix
IoDeleteSymbolicLink
ExUuidCreate
IoStartTimer

Exports

Exports

?KillListItemNew@@YGNEPAMPAJPAG@Z
?IsPointNew@@YGXPAMPAFK@Z
?SendPointer@@YGPA_NMPAFGPAD@Z
?AddWindowInfoExW@@YGPAXPAMEPA_NJ@Z
?OnWidthExA@@YGPAIPAFPAMPAEPAM@Z
?RtlTaskEx@@YGFMKPA_NI@Z
?InvalidateValueNew@@YGXIM@Z
?InsertConfigW@@YGPAJPAK@Z
?GenerateSection@@YGPAXDPAG@Z
?EnumComponentExW@@YGPAFMPAMPAHK@Z
?InstallProjectNew@@YGPADPANHE@Z
?IncrementValueEx@@YGHPAE@Z
?SetFolderPathExW@@YGKDPAFPAD@Z
?CancelHeaderW@@YGPAHK@Z
?FreeHeightOriginal@@YGPAXD@Z
?FormatFile@@YGPAJPAI@Z
?SetListItemOld@@YGPAJGPAIFK@Z
?HideKeyNameA@@YGPAXJPAGPANJ@Z
?Height@@YGPAFGPAH@Z
?CloseWindowInfoW@@YGGNPAN@Z
?SendSizeOld@@YGHIHK@Z
?RemoveAnchor@@YGIEJPAFM@Z
?RemoveScreenEx@@YGDIPA_N@Z
?CancelClass@@YGJFKI@Z
?DecrementWindowOriginal@@YGPAXPAJ@Z
?RtlAppNameA@@YGDK@Z
?GenerateWidthOld@@YGPAHHIHG@Z
?DecrementTextExW@@YGPAMFPAJ_NJ@Z
?CancelSystemExW@@YGHPAID@Z
?GenerateComponentA@@YGIEK@Z
?DecrementDateTime@@YGPAXEPAK@Z
?ShowOptionA@@YGMIJ@Z
?IsCharExW@@YGHPAE@Z
?CancelFileA@@YGPAIG@Z
?FormatProfileA@@YGXPAK@Z
?OnClassOld@@YGPAIGJK@Z
?AddTaskOld@@YGPAEMPAGJPAD@Z
?AddExpressionW@@YGXPAMPAG@Z
?AddValueExW@@YGPAGPAI@Z

Sections

.text
Size: 24KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 371B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ea5773de9a144ce1280e7ccd824dc6b

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 49KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 2KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 371B

.data Size: 27KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 628B

.text
Size: 24KB - Virtual size: 49KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 2KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 371B

.data
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 628B