6f8e3b659b64f848ab47cb747dfd5ca9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6f8e3b659b64f848ab47cb747dfd5ca9_JaffaCakes118
Size

183KB
MD5

6f8e3b659b64f848ab47cb747dfd5ca9
SHA1

456d908ea82d05f321f760a631c2d608f80e3c53
SHA256

5c7d438ca5fd78fe26f790c2a0fef726bcdd2f146be0a4687360b8013ec81d4d
SHA512

626d92b5e8c4ab6e85a1a1e60bad71f7240d2071a24838c5a37a2f930afdd7fa0a7da21b67bb5d7b7b85dd9d91ef6df010b1f6c6cfbabe7f25e6f946377d1197
SSDEEP

3072:AWMM9+RH9VDWpJ4//E+7mslheiHsI/U+owztYcegkZq9lz7VOfy+1iVyEdQlK5z:PMMEZnDOJ4nE+a6hgiU+dOgaq9lz7Vdb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f8e3b659b64f848ab47cb747dfd5ca9_JaffaCakes118

Files

6f8e3b659b64f848ab47cb747dfd5ca9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

aba9013ee923b851229f39b6319a48e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\xcheBNJeK\cAaeeybc\aiimmTeCexdi\DlxsplcZqRCer.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
SeDeassignSecurity
SeTokenIsAdmin
FsRtlCheckOplock
RtlAddAccessAllowedAceEx
KeWaitForMultipleObjects
ExAllocatePoolWithTag
MmUnlockPages
RtlCompareUnicodeString
KeClearEvent
RtlFindUnicodePrefix
RtlGetCallersAddress
RtlFindClearRuns
IoSetStartIoAttributes
FsRtlFreeFileLock
MmLockPagableSectionByHandle
IoSetPartitionInformation
PsReferencePrimaryToken
RtlRandom
CcGetFileObjectFromBcb
CcPurgeCacheSection
ZwCreateEvent
CcFlushCache
IoGetDeviceInterfaceAlias
IoGetDriverObjectExtension
ZwFsControlFile
ExReleaseFastMutexUnsafe
RtlWriteRegistryValue
KeRevertToUserAffinityThread
KeInitializeApc
RtlUnicodeStringToInteger
KeInitializeEvent
RtlIsNameLegalDOS8Dot3
IoReleaseRemoveLockEx
IoCreateDevice
ZwMakeTemporaryObject
SeImpersonateClientEx
FsRtlAllocateFileLock
RtlSetAllBits
IoRequestDeviceEject
MmSecureVirtualMemory
ZwFlushKey
FsRtlFastCheckLockForRead
SeQueryInformationToken
ZwCreateDirectoryObject
IoQueryFileDosDeviceName
ZwQueryObject
MmBuildMdlForNonPagedPool
CcPinRead
MmMapUserAddressesToPage
IoAcquireRemoveLockEx
MmUnsecureVirtualMemory
MmAllocateContiguousMemory
PsGetCurrentThread
RtlAppendStringToString
ExRaiseAccessViolation
RtlInitializeBitMap
IoCreateStreamFileObjectLite
SeTokenIsRestricted
MmGetPhysicalAddress
ZwLoadDriver
RtlCreateSecurityDescriptor
PoRequestPowerIrp
RtlCopySid
RtlInsertUnicodePrefix
RtlTimeFieldsToTime
RtlInitializeSid
CcSetBcbOwnerPointer
SeValidSecurityDescriptor
IoAllocateIrp
IoDetachDevice
RtlAreBitsSet
IoCreateFile
RtlQueryRegistryValues
IoAllocateController
IoReadPartitionTableEx
ZwMapViewOfSection
IoSetThreadHardErrorMode
IoGetDiskDeviceObject
RtlStringFromGUID
KeRemoveQueue
RtlSetDaclSecurityDescriptor
CcRemapBcb
MmAllocateNonCachedMemory
ExAcquireResourceSharedLite
IoAllocateAdapterChannel
ExReinitializeResourceLite
IoAllocateErrorLogEntry
IoWMIRegistrationControl
PsGetProcessId
CcMdlRead
ExGetPreviousMode
ExDeleteResourceLite
PsImpersonateClient
KeGetCurrentThread
SeReleaseSubjectContext
ExLocalTimeToSystemTime
IoReleaseVpbSpinLock
MmAllocateMappingAddress
KeWaitForSingleObject
RtlAnsiCharToUnicodeChar
KePulseEvent
IoGetDeviceToVerify
KeSetBasePriorityThread
IoVerifyPartitionTable
FsRtlCheckLockForReadAccess
MmIsVerifierEnabled
RtlPrefixUnicodeString
IoRegisterDeviceInterface
KeInsertByKeyDeviceQueue
SeSinglePrivilegeCheck
RtlCopyUnicodeString
KeRemoveByKeyDeviceQueue
RtlxAnsiStringToUnicodeSize
FsRtlIsHpfsDbcsLegal
IoSetShareAccess
RtlMultiByteToUnicodeN
SeLockSubjectContext
FsRtlFastUnlockSingle
RtlSplay
ZwEnumerateKey
DbgPrompt
ExFreePool
CcSetFileSizes
RtlUpperChar
CcFastCopyRead
MmMapLockedPagesSpecifyCache
CcUnpinDataForThread
FsRtlGetNextFileLock
IoStartTimer
ExInitializeResourceLite
PsRevertToSelf
RtlUpcaseUnicodeChar
CcUninitializeCacheMap
IoVolumeDeviceToDosName
KeReadStateTimer
RtlInitializeUnicodePrefix
RtlInitAnsiString
KeRundownQueue
IoIsWdmVersionAvailable
RtlGetNextRange
SeDeleteObjectAuditAlarm
ExUuidCreate
ObReleaseObjectSecurity
PsCreateSystemThread
ObCreateObject
ExDeleteNPagedLookasideList
MmHighestUserAddress
ZwEnumerateValueKey
IoCreateSynchronizationEvent
IoSetSystemPartition
PsGetCurrentProcessId
PsDereferencePrimaryToken
ZwNotifyChangeKey
FsRtlSplitLargeMcb
VerSetConditionMask
PsGetProcessExitTime
RtlFillMemoryUlong
MmAddVerifierThunks
CcMdlReadComplete
PsSetLoadImageNotifyRoutine
RtlAnsiStringToUnicodeString
CcPinMappedData
KeInsertHeadQueue
ObQueryNameString
MmProbeAndLockPages
ZwQueryInformationFile
IoFreeMdl
KeQuerySystemTime
IoCheckShareAccess
IoWritePartitionTableEx
ZwOpenFile
IoGetLowerDeviceObject
IoCreateDisk
ZwDeleteValueKey
CcCopyRead
MmFreeContiguousMemory
KeFlushQueuedDpcs
FsRtlIsDbcsInExpression
KeInitializeDeviceQueue
IoWMIWriteEvent
MmSizeOfMdl
RtlDeleteElementGenericTable
KeInitializeDpc
MmUnmapReservedMapping
IoAllocateMdl
IoRegisterFileSystem
RtlDowncaseUnicodeString
MmFreePagesFromMdl
ZwDeleteKey
ZwQueryValueKey
RtlFindClearBits
RtlInt64ToUnicodeString
ObMakeTemporaryObject
KeUnstackDetachProcess
KeRemoveDeviceQueue
KeRegisterBugCheckCallback
IoCheckEaBufferValidity
PsLookupProcessByProcessId
MmUnmapLockedPages
PsIsThreadTerminating
RtlAppendUnicodeToString
RtlInitializeGenericTable
RtlFreeAnsiString
MmAllocatePagesForMdl
PoRegisterSystemState
MmCanFileBeTruncated
CcCanIWrite
KeRemoveEntryDeviceQueue
ZwSetSecurityObject
RtlDeleteRegistryValue
IoGetCurrentProcess
RtlSecondsSince1980ToTime
ExIsProcessorFeaturePresent
IoStartPacket
RtlVerifyVersionInfo
IoGetTopLevelIrp
PsGetCurrentThreadId
ExAllocatePoolWithQuota
MmIsThisAnNtAsSystem
ExSystemTimeToLocalTime
RtlLengthSecurityDescriptor
ExVerifySuite
ExUnregisterCallback
KeInitializeMutex
MmForceSectionClosed
ExAllocatePool
KeDelayExecutionThread
KeEnterCriticalRegion
ZwQuerySymbolicLinkObject
IoReadDiskSignature
RtlCreateRegistryKey
CcDeferWrite
IoCheckQuotaBufferValidity
KeBugCheck
RtlUnicodeStringToAnsiString
MmMapIoSpace
PsGetThreadProcessId
ObOpenObjectByPointer
ZwQueryVolumeInformationFile
KeQueryInterruptTime
MmUnlockPagableImageSection
RtlFreeOemString
IoGetStackLimits
RtlUpcaseUnicodeString
RtlVolumeDeviceToDosName
CcFastMdlReadWait
FsRtlCheckLockForWriteAccess
MmLockPagableDataSection
KeInsertDeviceQueue
IoSetHardErrorOrVerifyDevice
IoAcquireVpbSpinLock
IoRaiseHardError
KeSetEvent
PsGetCurrentProcess
KeBugCheckEx
KeDetachProcess
ExSetResourceOwnerPointer
CcRepinBcb
IoDeleteController

Exports

Exports

?InvalidateMonitorExA@@YGXPAJ~U
?CancelDirectoryEx@@YGFPAF~U
?CrtExpressionExA@@YGPADEPAGK~U
?InstallWindowExW@@YGPAXPADENE~U
?CallValueEx@@YGPAIPAH~U
?AddDateOriginal@@YGXHNPAH~U
?ShowConfigW@@YGPAJI~U
?GenerateProjectOriginal@@YGPAHDKF~U
?IsNotFolderPathOriginal@@YGEPAHPAN~U
?GlobalExpressionNew@@YGDPAN~U
?LoadHeightExW@@YGMG~U
?InsertConfigExW@@YGFPAEDIH~U
?IncrementTaskExW@@YGPAHF~U
?OnOptionExW@@YGPAGEJPAJE~U
?IncrementDateTimeExA@@YGGPAEGHH~U
?FormatFolderExA@@YGPAHI_NM~U
?OnDateExW@@YGIMPAE_N~U
?EnumMutex@@YGXPAGPAJ~U
?EnumModuleA@@YGEIMDJ~U
?GenerateProfileEx@@YGDGPAH~U
?CopyMemoryExA@@YGXPAIPAEPAEK~U
?EnumTaskNew@@YGNJI~U
?RtlDirectoryOriginal@@YGXDPAHK~U
?OnKeyboardA@@YGEIFEI~U
?ShowModuleOriginal@@YGPAHPAI~U
?OnSizeW@@YGKII~U
?CloseDialogExW@@YGKPADPAFJ~U
?IncrementDialogEx@@YGEPAKPAHPAE~U
?GenerateProjectOld@@YG_NHGG~U
?AddSemaphoreNew@@YGHPAMPAM~U
?DecrementDateTimeA@@YGXEPAH~U
?GlobalKeyboardExW@@YGIPAFFGK~U
?InvalidateOptionA@@YGPAXJEH~U
?CallModuleExA@@YGPAIIHIH~U
?PutStringA@@YGPAHN~U

Sections

.text
Size: 30KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 282B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aba9013ee923b851229f39b6319a48e3

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 282B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 704B

.text
Size: 30KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 282B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 704B