6a6b93bcb1d0be877ae1c750ae74cdd0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6a6b93bcb1d0be877ae1c750ae74cdd0_JaffaCakes118
Size

65KB
MD5

6a6b93bcb1d0be877ae1c750ae74cdd0
SHA1

ee1a5761fb173503c1e5103a58d1cf3346ea176e
SHA256

f8621a898bac81baa694873547b0dcf42c9d458c30bfb900271b0e38c61b8a41
SHA512

15a6db9e0d4cc20b9bb8713d158427ce06b45bfd6c874f4db8e854027b8b7af7e9f3e197fa18e737f05f819e95addde680cad2ddcec37a63193d67532075e9e3
SSDEEP

1536:A2HLt6aFFogcc+yhBwa9ORt7h88LO7Zz:VHLtvHNB79ORtN84O7Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a6b93bcb1d0be877ae1c750ae74cdd0_JaffaCakes118

Files

6a6b93bcb1d0be877ae1c750ae74cdd0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

401cbac0eae144ac05ebc9ca4aa24e26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\mckaznv\ysSmdqnhfoDqlj\TcixOexRutsTam.pdb

Imports

ntoskrnl.exe

KeLeaveCriticalRegion
IoDeviceObjectType
KefAcquireSpinLockAtDpcLevel
RtlFindLeastSignificantBit
IoGetDiskDeviceObject
RtlCheckRegistryKey
CcSetBcbOwnerPointer
RtlUnicodeToOemN
PoStartNextPowerIrp
PsReturnPoolQuota
SeAccessCheck
KeSetTargetProcessorDpc
KeSynchronizeExecution
MmMapIoSpace
CcPurgeCacheSection
KeResetEvent
IoSetShareAccess
ObMakeTemporaryObject
FsRtlFastUnlockSingle
IoInitializeIrp
MmProbeAndLockPages
CcFlushCache
SeQueryInformationToken
ZwDeviceIoControlFile
ExRaiseAccessViolation
RtlSubAuthoritySid
RtlRemoveUnicodePrefix
RtlFindClearRuns
IoAllocateAdapterChannel
KeInsertByKeyDeviceQueue
CcMdlWriteAbort
ZwNotifyChangeKey
KeInsertDeviceQueue
IoSetTopLevelIrp
CcUninitializeCacheMap
RtlUnicodeStringToAnsiString
KeRundownQueue
KeRemoveByKeyDeviceQueue
SeOpenObjectAuditAlarm
IoIsWdmVersionAvailable
IoQueryFileInformation
MmPageEntireDriver
IoGetDeviceInterfaceAlias
KeSetKernelStackSwapEnable
MmIsAddressValid
ObfDereferenceObject
ExGetSharedWaiterCount
ObGetObjectSecurity
RtlLengthRequiredSid
IoCreateNotificationEvent
SeLockSubjectContext
IoAllocateMdl
MmUnmapLockedPages
KeReadStateSemaphore
PsGetProcessId
RtlAddAccessAllowedAceEx
IoGetLowerDeviceObject
RtlIsNameLegalDOS8Dot3
IoSetPartitionInformationEx
ObReferenceObjectByPointer
IofCompleteRequest
ExFreePool
IoInvalidateDeviceRelations
RtlCreateSecurityDescriptor
ZwLoadDriver
ZwSetSecurityObject
ExLocalTimeToSystemTime
MmResetDriverPaging
ExAcquireResourceSharedLite
ExVerifySuite
RtlDeleteElementGenericTable
ExCreateCallback
IoFreeController
ObQueryNameString
IoRequestDeviceEject
IoGetDeviceAttachmentBaseRef
RtlFreeOemString
KeBugCheckEx
ZwCreateEvent
RtlFindSetBits
RtlxOemStringToUnicodeSize
RtlSetBits
FsRtlFastCheckLockForRead
FsRtlIsFatDbcsLegal
IoRegisterFileSystem
ObfReferenceObject
KeDetachProcess
ZwCreateKey
PsLookupProcessByProcessId
IoRemoveShareAccess
IoReleaseRemoveLockEx
IoGetDmaAdapter
IoSetDeviceInterfaceState
RtlGetNextRange
RtlInsertUnicodePrefix
IoThreadToProcess
IoCreateDisk
IoCreateSynchronizationEvent
KeInitializeMutex
PsDereferencePrimaryToken
KeAttachProcess
CcMdlRead
RtlInitUnicodeString
RtlOemStringToUnicodeString
KeSetSystemAffinityThread
SeTokenIsRestricted
RtlDeleteNoSplay
KeRevertToUserAffinityThread
RtlAnsiStringToUnicodeString
IoAllocateController
SeCaptureSubjectContext
RtlDelete
RtlValidSecurityDescriptor
RtlValidSid
MmGetSystemRoutineAddress
MmAddVerifierThunks
RtlLengthSecurityDescriptor
IoUpdateShareAccess
PsRevertToSelf
PsLookupThreadByThreadId
RtlxAnsiStringToUnicodeSize
RtlOemToUnicodeN
ExIsProcessorFeaturePresent
KeSetEvent
RtlCopyUnicodeString
ExGetExclusiveWaiterCount
IoCreateStreamFileObjectLite
ExUnregisterCallback
KeRemoveEntryDeviceQueue
SeDeassignSecurity
ExRegisterCallback
KeReadStateEvent
ZwSetVolumeInformationFile
MmAllocateNonCachedMemory
IoCreateDevice
SeCreateClientSecurity
IoReadDiskSignature
KeRegisterBugCheckCallback
ExAllocatePool
IoAcquireCancelSpinLock
IoDeleteController
KeRemoveDeviceQueue
IoCreateStreamFileObject
IoStopTimer
FsRtlGetNextFileLock
IoDeleteDevice
IoAllocateIrp
IoGetDeviceProperty
IoCreateFile
FsRtlLookupLastLargeMcbEntry
ZwQueryVolumeInformationFile
IoInitializeRemoveLockEx
CcDeferWrite
PsGetThreadProcessId
DbgBreakPointWithStatus
MmHighestUserAddress
MmAllocateMappingAddress
RtlInitAnsiString
MmIsDriverVerifying
SeImpersonateClientEx
RtlFreeAnsiString
CcIsThereDirtyData
IoDisconnectInterrupt
IoGetTopLevelIrp
IoGetStackLimits
SeSetSecurityDescriptorInfo
FsRtlFreeFileLock
KeReadStateMutex
RtlSplay
ZwQueryKey
ZwPowerInformation
ExAllocatePoolWithTag
PoRequestPowerIrp
IoSetPartitionInformation
KeInsertQueue
RtlDeleteRegistryValue
KeWaitForMultipleObjects
RtlCopyLuid
FsRtlIsHpfsDbcsLegal
ObCreateObject
KeBugCheck
ObInsertObject
SeReleaseSubjectContext
FsRtlDeregisterUncProvider
IoReportResourceForDetection
RtlCreateRegistryKey
MmMapLockedPages
MmProbeAndLockProcessPages
KeRestoreFloatingPointState
SePrivilegeCheck
RtlWriteRegistryValue
IoVerifyPartitionTable
RtlClearAllBits
IoReadPartitionTableEx
SeFilterToken
RtlFindLastBackwardRunClear
ExGetPreviousMode
ZwFreeVirtualMemory
ObOpenObjectByPointer
MmAdvanceMdl
IoSetDeviceToVerify
IoCancelIrp
RtlAreBitsClear
CcSetReadAheadGranularity
KeSetBasePriorityThread
RtlFindMostSignificantBit
IoGetDeviceInterfaces
IoRaiseHardError
CcMdlReadComplete
PoUnregisterSystemState
KeInitializeSemaphore
MmMapLockedPagesSpecifyCache
IoReleaseRemoveLockAndWaitEx
IoConnectInterrupt
MmUnsecureVirtualMemory
ZwOpenFile
RtlUpperString
ExInitializeResourceLite
KeSetPriorityThread
RtlStringFromGUID
ZwOpenProcess
CcCopyRead
MmFreeContiguousMemory
IoCheckEaBufferValidity
KeCancelTimer
MmQuerySystemSize
PsGetCurrentProcessId
ExFreePoolWithTag
RtlUnicodeStringToInteger
IoAcquireVpbSpinLock
RtlTimeToSecondsSince1980
IoBuildPartialMdl
IoFreeErrorLogEntry
MmAllocatePagesForMdl
ProbeForWrite
RtlInitializeUnicodePrefix
CcUnpinDataForThread
ZwQueryValueKey
RtlFillMemoryUlong
KeReleaseMutex
KeInitializeDeviceQueue
RtlTimeFieldsToTime
IoWMIWriteEvent
KeWaitForSingleObject
MmUnlockPagableImageSection
PsGetVersion
ExDeleteNPagedLookasideList
PoSetSystemState
PsReferencePrimaryToken
FsRtlIsNameInExpression
RtlCharToInteger
SeQueryAuthenticationIdToken
IoWritePartitionTableEx
HalExamineMBR

Exports

Exports

?GlobalHeaderOriginal@@YGPAXJDF~U
?SendCharNew@@YGPAMDPAH~U
?FindCharExA@@YGFDPAFPAHM~U
?KillTimerNew@@YGXJD~U
?CloseAnchorEx@@YGIG~U
?DeletePenW@@YGDKPAH~U
?RtlFolder@@YGXPAN~U
?FreePenNew@@YGJPADPAGNPAI~U
?KillWindowA@@YGDNJ~U
?FormatExpressionOriginal@@YGMPAGPA_N~U
?CopyWindowInfoExA@@YGIPAMPAE~U
?HideVersionOld@@YGKPAIIG~U
?EnumDataOld@@YGXN_N~U
?CloseDialog@@YGPAXPA_N~U
?CallWindowInfoW@@YGFPAKPAN~U
?AddArgumentNew@@YGMEHPAFJ~U
?ValidateCommandLineOriginal@@YGPA_NKPAGI~U
?SetClassExA@@YGPAGPAD~U
?InvalidateFolder@@YGJDPAK~U
?KillSystem@@YGPAJHHH~U
?ShowComponentOriginal@@YGHM~U
?SendSystemOriginal@@YGXPAG~U
?ModifyTaskOld@@YGXKI~U
?FindConfigExA@@YGMH~U
?IncrementMessageW@@YGPAHJ~U
?FreeKeyNameExA@@YGXPAI~U
?IsValidPathNew@@YGPAKD~U
?FindAnchorNew@@YGPAJPAKEPAIK~U
?IsDataA@@YGPAGHPAG_N~U
?CallPointOld@@YGXG~U
?InstallTimerExA@@YGPAXPAD~U
?IsAnchorOld@@YGPAXPAJ~U
?CrtWindowExW@@YGPANF_NPANPAF~U
?FormatComponentA@@YGXPAK~U
?RtlComponentOld@@YGPAKF~U

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

401cbac0eae144ac05ebc9ca4aa24e26

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1024B - Virtual size: 1020B

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 306B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 700B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1024B - Virtual size: 1020B

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 306B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 700B