721d4a82c583f8b96459b9bda98e9fe2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

721d4a82c583f8b96459b9bda98e9fe2_JaffaCakes118
Size

445KB
MD5

721d4a82c583f8b96459b9bda98e9fe2
SHA1

1ee824d1b84362d569cd1b397ac611e8ea0ab5b7
SHA256

0a65e7cdedd35b48043a7cf821d5bbb35a39bb4b9adffdbf1d8b19e33634e595
SHA512

34137eed511cf285e7d7e835cc0b285894d43d8524390f776b569512a0911f243a83b9d5453bdf3fb17032484274a6280ce5328b02c94f91d6b36415df285ac2
SSDEEP

6144:+41mQ0BnJNhKTHAJiKXi4LE4wxHObJ2LG24z/3nZr26tVrl/tg5o8jOcfDvecdQs:+Cm7AtKy4LE4wxubJ2Li73ZpjgRdKWQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
721d4a82c583f8b96459b9bda98e9fe2_JaffaCakes118

Files

721d4a82c583f8b96459b9bda98e9fe2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c90aca243aaf1f7a4e3140ed7027173a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\lwyptyBNiap\IpDkWxALa\dcVqTPpJfylF\lrOefrigbXm\oBgavXoyayTsyj.pdb

Imports

ntoskrnl.exe

CcCopyRead
MmAdvanceMdl
IoReportResourceForDetection
IoFreeWorkItem
SeTokenIsRestricted
MmUnmapReservedMapping
MmSecureVirtualMemory
KeRevertToUserAffinityThread
ZwReadFile
CcUninitializeCacheMap
ObfDereferenceObject
MmIsThisAnNtAsSystem
FsRtlFastUnlockSingle
RtlCopyLuid
KeSynchronizeExecution
IoCreateNotificationEvent
ZwOpenSymbolicLinkObject
IoAllocateMdl
IoWriteErrorLogEntry
MmMapLockedPagesSpecifyCache
RtlUpperString
ZwPowerInformation
CcCanIWrite
PsReferencePrimaryToken
ZwUnloadDriver
IoInitializeRemoveLockEx
IoFreeController
IoVerifyPartitionTable
ExQueueWorkItem
ZwSetVolumeInformationFile
ZwCreateKey
ZwDeleteKey
RtlStringFromGUID
RtlTimeToSecondsSince1970
ZwDeviceIoControlFile
CcInitializeCacheMap
IoGetDiskDeviceObject
RtlGetCallersAddress
IoSetTopLevelIrp
KeQueryActiveProcessors
RtlEqualString
FsRtlNotifyUninitializeSync
IoReadPartitionTable
CcPinMappedData
KeBugCheckEx
RtlUnicodeStringToOemString
ZwOpenKey
IoCheckEaBufferValidity
RtlInt64ToUnicodeString
KeSetKernelStackSwapEnable
IoAcquireCancelSpinLock
RtlLengthSecurityDescriptor
RtlEqualSid
DbgBreakPointWithStatus
ZwQueryValueKey
IoSetPartitionInformation
ExLocalTimeToSystemTime
RtlNumberOfClearBits
IoInvalidateDeviceRelations
RtlGetVersion
KeRemoveQueueDpc
RtlMapGenericMask
RtlCreateUnicodeString
FsRtlIsDbcsInExpression
CcSetBcbOwnerPointer
RtlFindMostSignificantBit
IoGetDeviceInterfaceAlias
PsGetCurrentProcessId
ZwEnumerateValueKey
MmAllocatePagesForMdl
IoAllocateAdapterChannel
IoUpdateShareAccess
IoCreateStreamFileObject
SeQueryAuthenticationIdToken
RtlCreateRegistryKey
IoSetStartIoAttributes
KdDisableDebugger
KeReadStateEvent
IofCompleteRequest
ZwMapViewOfSection
ExRaiseAccessViolation
ExIsProcessorFeaturePresent
KeGetCurrentThread
IoReleaseRemoveLockEx
FsRtlNotifyInitializeSync
ExCreateCallback
IoVolumeDeviceToDosName
IoReleaseCancelSpinLock
ObQueryNameString
KeQueryInterruptTime
RtlFindLastBackwardRunClear
IoRemoveShareAccess
KeReleaseSemaphore
ExInitializeResourceLite
IoReadPartitionTableEx
ObOpenObjectByPointer
SeSinglePrivilegeCheck
RtlTimeFieldsToTime
RtlGetNextRange
RtlDeleteNoSplay
RtlFreeUnicodeString
RtlInitAnsiString
RtlGenerate8dot3Name
KeWaitForMultipleObjects
IoAcquireRemoveLockEx
ZwOpenSection
RtlNtStatusToDosError
RtlCopyString
ExVerifySuite
RtlDowncaseUnicodeString
IoGetDmaAdapter
RtlVolumeDeviceToDosName
RtlAreBitsSet
RtlQueryRegistryValues
RtlRandom
KePulseEvent
RtlInitUnicodeString
IoGetAttachedDeviceReference
MmGetPhysicalAddress
RtlFindLeastSignificantBit
CcSetFileSizes
FsRtlIsTotalDeviceFailure
ObReferenceObjectByHandle
MmBuildMdlForNonPagedPool
ExFreePool
ExAllocatePoolWithQuota
KeRundownQueue
RtlValidSecurityDescriptor
RtlFreeAnsiString
IoUnregisterFileSystem
IoReadDiskSignature
RtlFindClearRuns
MmUnlockPages
PoSetPowerState
KeClearEvent
MmIsVerifierEnabled
RtlUnicodeToOemN
IoBuildSynchronousFsdRequest
RtlCompareString
FsRtlMdlWriteCompleteDev
IoSetPartitionInformationEx
PsGetProcessId
MmUnmapLockedPages
CcCopyWrite
IoGetRequestorProcessId
IoSetShareAccess
ZwSetValueKey
CcSetDirtyPinnedData
IoReuseIrp
RtlPrefixUnicodeString
CcFlushCache
CcGetFileObjectFromBcb
KeInsertQueueDpc
ExGetSharedWaiterCount
IoGetDeviceInterfaces
SeCaptureSubjectContext
RtlLengthRequiredSid
ObReleaseObjectSecurity
ExDeletePagedLookasideList
IoWMIWriteEvent
SeReleaseSubjectContext
MmMapLockedPages
KeInitializeSemaphore
RtlGUIDFromString
MmFreeContiguousMemory
MmProbeAndLockPages
RtlAddAccessAllowedAce
IoGetTopLevelIrp
RtlUnicodeStringToAnsiString
CcMdlRead
CcMdlWriteAbort
ExGetPreviousMode
KeInitializeMutex
MmResetDriverPaging
RtlCompareUnicodeString
MmIsDriverVerifying
IoGetRequestorProcess
PoCallDriver
RtlFindNextForwardRunClear
RtlxOemStringToUnicodeSize
IoCheckShareAccess
KeSetImportanceDpc
RtlFreeOemString
MmGetSystemRoutineAddress
RtlHashUnicodeString
IoCreateFile
DbgPrompt
IoConnectInterrupt
SeValidSecurityDescriptor
KeRemoveEntryDeviceQueue
IoSetSystemPartition
ZwCreateSection
RtlSubAuthoritySid
CcUnpinData
ZwNotifyChangeKey
IoGetLowerDeviceObject
ExSetResourceOwnerPointer
MmAllocateNonCachedMemory
MmMapIoSpace
ExAllocatePool
IoCsqRemoveIrp
ExSetTimerResolution
KeUnstackDetachProcess
ZwQueryInformationFile
PsReturnPoolQuota
ExGetExclusiveWaiterCount
MmForceSectionClosed
KeSetTimerEx
IoGetDeviceAttachmentBaseRef
RtlTimeToTimeFields
KeStackAttachProcess
RtlFindSetBits
ExDeleteNPagedLookasideList
RtlFillMemoryUlong
RtlSetBits
ZwMakeTemporaryObject
IoQueryFileDosDeviceName
MmLockPagableSectionByHandle
VerSetConditionMask
RtlxAnsiStringToUnicodeSize
IoSetThreadHardErrorMode
RtlInsertUnicodePrefix
ExDeleteResourceLite
IoAllocateWorkItem
MmPageEntireDriver
IoCreateDevice
FsRtlIsHpfsDbcsLegal
ZwFreeVirtualMemory
DbgBreakPoint
IoStartTimer
MmMapUserAddressesToPage
IoDeleteDevice
RtlLengthSid
RtlAnsiStringToUnicodeString
SeOpenObjectAuditAlarm
RtlFindUnicodePrefix
RtlIntegerToUnicodeString
IoSetHardErrorOrVerifyDevice
MmQuerySystemSize
PsDereferencePrimaryToken
PoStartNextPowerIrp
RtlCopySid
PsChargeProcessPoolQuota
ZwSetSecurityObject
ExReinitializeResourceLite
KeLeaveCriticalRegion
RtlInitializeSid
WmiQueryTraceInformation
FsRtlDeregisterUncProvider
ZwWriteFile
PsGetThreadProcessId
KeInsertByKeyDeviceQueue
ZwEnumerateKey
IoCheckQuotaBufferValidity
FsRtlIsFatDbcsLegal
SeAssignSecurity
RtlCopyUnicodeString
MmFreeMappingAddress
MmUnsecureVirtualMemory
ExSystemTimeToLocalTime
IoIsOperationSynchronous

Exports

Exports

?RemovePathOld@@YGPADPAJIFH&U
?InsertModule@@YGPAJDEI_N&U
?ValidateString@@YGHK&U
?CopyProcessA@@YGXPAHI_NPAD&U
?CallPenExA@@YGMPAGPAG&U
?DeleteHeightExA@@YGD_N&U
?ValidatePointOld@@YGNM&U
?GlobalTimerExW@@YGMFKH&U
?RemoveFilePath@@YGEPAJIPAK&U
?HideRectW@@YGPAXJPANGN&U
?AddSemaphoreA@@YGKE&U
?IsEventW@@YGNPAEPAJDJ&U
?ShowTimeOriginal@@YGMMFPAJJ&U
?IsValidFilePathEx@@YGFJ&U
?CrtMemoryEx@@YGXPAM&U
?CallMonitorOriginal@@YGPAXHKG&U
?ShowSectionA@@YGPAXJI&U
?HideFullNameEx@@YGXJ&U
?SendConfigA@@YGPAXE&U
?HideCommandLineNew@@YGIGD&U
?LoadModuleOriginal@@YGPAGED&U
?GlobalStateNew@@YGJPA_N&U
?FreeDialogA@@YGKD&U
?KillProcessA@@YGGKFJF&U
?FindOption@@YGDGM&U
?PutModuleA@@YGPAX_NE&U
?CopyFolderPathW@@YGPAIDPADM&U
?CloseProvider@@YGIPAE&U
?IsValidProcessOld@@YGXPAE_ND&U
?CopyMutantEx@@YGGPA_NPAHGI&U
?CallMessageOriginal@@YGPAJPAJ&U
?KillExpressionOld@@YGGPAD&U

Sections

.text
Size: 28KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 581B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c90aca243aaf1f7a4e3140ed7027173a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 54KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 581B

.data Size: 35KB - Virtual size: 34KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 660B

.text
Size: 28KB - Virtual size: 54KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 581B

.data
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 660B