73be91939feedfc3e8842fc65622162e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

73be91939feedfc3e8842fc65622162e_JaffaCakes118
Size

159KB
MD5

73be91939feedfc3e8842fc65622162e
SHA1

293278c4be6c999af0db31d738a564cac957050b
SHA256

19b0c1c8ffa50409baa4f8bf8865bb0e0a9271a79244e277860a549adf8c4b79
SHA512

b46ee40b4a205937fe7ae7fe42eec9d7fa43e1bc01b70d5644d57a901c8f345f3c5729151d196994b067a59ccb885f45651ba3aecd7a22aaaec627fcca45d65a
SSDEEP

3072:tdEqQg9ORti8IDzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:tAaORtLMzwA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73be91939feedfc3e8842fc65622162e_JaffaCakes118

Files

73be91939feedfc3e8842fc65622162e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

024c5e40ba868071a9c4a1c678a1f435

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\yDiwRIU\ZWTqeMkw\styxzqsxzplhUz\vviHtwRsRgkcr.pdb

Imports

ntoskrnl.exe

MmUnlockPages
MmQuerySystemSize
IoDeviceObjectType
IoGetDeviceInterfaceAlias
KeReadStateMutex
ExRaiseDatatypeMisalignment
MmMapUserAddressesToPage
IoCheckEaBufferValidity
RtlEnumerateGenericTable
KeInitializeSpinLock
IoGetTopLevelIrp
IoAcquireCancelSpinLock
RtlFindLeastSignificantBit
RtlClearAllBits
ZwQuerySymbolicLinkObject
SeOpenObjectAuditAlarm
KeReleaseSemaphore
IoGetRequestorProcess
RtlUnicodeToOemN
RtlUnicodeStringToOemString
MmAllocateMappingAddress
KeRemoveQueue
KeAttachProcess
FsRtlFastUnlockSingle
RtlSplay
IoVerifyVolume
ZwWriteFile
RtlGetCallersAddress
KeInsertQueue
RtlDeleteNoSplay
ExQueueWorkItem
ExRegisterCallback
IoEnumerateDeviceObjectList
KeInsertByKeyDeviceQueue
PoSetSystemState
KeInsertDeviceQueue
IoReleaseCancelSpinLock
KdEnableDebugger
KeInitializeTimer
SeDeassignSecurity
DbgBreakPointWithStatus
ZwFsControlFile
KeUnstackDetachProcess
PsChargeProcessPoolQuota
IoStartTimer
IoWritePartitionTableEx
KeWaitForMultipleObjects
IoGetRequestorProcessId
IoCreateStreamFileObject
FsRtlIsFatDbcsLegal
KeInitializeMutex
ZwDeleteKey
SeValidSecurityDescriptor
RtlHashUnicodeString
IoGetCurrentProcess
IoGetDeviceAttachmentBaseRef
IoInitializeTimer
KeInitializeSemaphore
ProbeForWrite
IoSetPartitionInformationEx
MmFlushImageSection
IoInvalidateDeviceState
IoSetStartIoAttributes
CcFlushCache
ExNotifyCallback
RtlRemoveUnicodePrefix
RtlDelete
RtlFindLongestRunClear
MmFreeMappingAddress
RtlFindUnicodePrefix
KeRemoveQueueDpc
ExSetResourceOwnerPointer
IoUpdateShareAccess
FsRtlAllocateFileLock
RtlRandom
ExDeleteNPagedLookasideList
PoUnregisterSystemState
RtlFindClearRuns
RtlDowncaseUnicodeString
RtlUpperString
IoReportDetectedDevice
ExSetTimerResolution
KeDeregisterBugCheckCallback
RtlCreateAcl
IoVerifyPartitionTable
MmMapLockedPages
MmFreeNonCachedMemory
IoThreadToProcess
RtlVerifyVersionInfo
IoWriteErrorLogEntry
CcCopyWrite
IoAllocateController
RtlCopyUnicodeString
ExReleaseFastMutexUnsafe
MmProbeAndLockPages
KeSetPriorityThread
CcFastMdlReadWait
KeSetBasePriorityThread
IoRequestDeviceEject
RtlAreBitsClear
MmAdvanceMdl
ObfReferenceObject
RtlMultiByteToUnicodeN
MmGetPhysicalAddress
MmAllocateContiguousMemory
ZwDeviceIoControlFile
FsRtlMdlWriteCompleteDev
RtlPrefixUnicodeString
IoAcquireRemoveLockEx
IoIsWdmVersionAvailable
MmMapIoSpace
IoBuildSynchronousFsdRequest
CcMdlRead
KeRevertToUserAffinityThread
IoGetDriverObjectExtension
FsRtlCheckLockForReadAccess
PsImpersonateClient
ExUnregisterCallback
IoCreateDisk
IoAllocateIrp
CcRepinBcb
CcGetFileObjectFromBcb
KeQueryActiveProcessors
CcPinRead
RtlCompareString
IoQueueWorkItem
KeSetTimerEx
RtlEqualUnicodeString
RtlClearBits
ZwOpenSection
SeQueryInformationToken
RtlFindSetBits
MmFreePagesFromMdl
FsRtlGetNextFileLock
CcFastCopyRead
RtlCopyLuid
PsGetVersion
ZwCreateFile
CcPreparePinWrite
IoReleaseRemoveLockAndWaitEx
SeFilterToken
ZwLoadDriver
RtlFindMostSignificantBit
KeSaveFloatingPointState
ZwDeleteValueKey
ObfDereferenceObject
FsRtlIsHpfsDbcsLegal
IoAllocateMdl
IoFreeWorkItem
SeTokenIsAdmin
SeImpersonateClientEx
RtlInitAnsiString
RtlOemStringToUnicodeString
MmProbeAndLockProcessPages
MmGetSystemRoutineAddress
CcMdlReadComplete
MmMapLockedPagesSpecifyCache
FsRtlFastCheckLockForRead
CcUninitializeCacheMap
CcCanIWrite
ExRaiseStatus
IoReadPartitionTable
KeSetImportanceDpc
ZwSetSecurityObject
PsSetLoadImageNotifyRoutine
ZwClose
CcInitializeCacheMap
PsGetProcessId
RtlMapGenericMask
RtlUpcaseUnicodeToOemN
ExGetPreviousMode
RtlUpcaseUnicodeString
HalExamineMBR
ExDeletePagedLookasideList
IoCheckShareAccess
IoSetShareAccess
CcZeroData
RtlFindClearBits
FsRtlIsNameInExpression
ExFreePoolWithTag
ZwQueryInformationFile
IoGetAttachedDeviceReference
RtlValidSecurityDescriptor
ZwSetValueKey
KeSetTimer
IoInitializeRemoveLockEx
FsRtlDeregisterUncProvider
RtlUnicodeStringToInteger
ZwQueryVolumeInformationFile
IoAllocateWorkItem
RtlSetDaclSecurityDescriptor
SeLockSubjectContext
PsTerminateSystemThread
KeReadStateEvent
IoRaiseHardError
FsRtlNotifyInitializeSync
ZwFreeVirtualMemory
ExReleaseResourceLite
PsLookupThreadByThreadId
PsGetCurrentThreadId
ExRaiseAccessViolation
FsRtlIsTotalDeviceFailure
RtlUpcaseUnicodeChar
PoStartNextPowerIrp
CcSetFileSizes
IoSetDeviceToVerify
ObCreateObject
MmHighestUserAddress
CcMdlWriteComplete
IofCallDriver
FsRtlFreeFileLock
CcSetReadAheadGranularity
ZwFlushKey
IoCreateSynchronizationEvent
RtlAreBitsSet
RtlxUnicodeStringToAnsiSize
IoQueryFileInformation
PoRegisterSystemState
ExInitializeResourceLite
FsRtlSplitLargeMcb
ExGetSharedWaiterCount
RtlAnsiCharToUnicodeChar
KeRemoveByKeyDeviceQueue
RtlAppendStringToString
CcUnpinDataForThread
CcMapData
MmAllocateNonCachedMemory
IoGetRelatedDeviceObject
ExLocalTimeToSystemTime
KeRundownQueue
ExAllocatePoolWithQuota
KeSetTargetProcessorDpc
ProbeForRead
CcSetDirtyPinnedData
RtlTimeToSecondsSince1980
KeInitializeApc
RtlUpperChar
ZwSetVolumeInformationFile
IoOpenDeviceRegistryKey
ZwAllocateVirtualMemory
IoStopTimer
KeFlushQueuedDpcs
PsGetCurrentProcessId
KeSetKernelStackSwapEnable
CcSetBcbOwnerPointer
KeInsertQueueDpc
ZwEnumerateValueKey
MmAddVerifierThunks
KeInitializeTimerEx
RtlExtendedIntegerMultiply
IoSetSystemPartition
SeCreateClientSecurity
RtlLengthRequiredSid
IoSetTopLevelIrp
MmIsThisAnNtAsSystem
KeClearEvent
IoCreateDevice
MmSizeOfMdl
IoGetStackLimits

Exports

Exports

?GlobalProjectOld@@YGPAXJPAJMK~U
?CopyFileA@@YGPAI_NF~U
?OnDataExW@@YGPAGPAEMG~U
?SetHeaderW@@YGEPADPADHK~U
?EnumFunctionOld@@YGXPAKJ~U
?IsValidDialog@@YGJH~U
?HideWindowInfoA@@YGFJ~U
?KillPathExW@@YGFKFPAIJ~U
?CancelValueExA@@YGHPAKHPAIPAD~U
?CancelPointA@@YGNPAD~U
?OnHeaderExW@@YGPADPAHIPAKG~U
?InsertScreenNew@@YGPAKPAI~U
?DecrementDialogW@@YGPAMHKKG~U
?IsValidCommandLineExW@@YGXPA_NFPAHPAF~U
?AppName@@YGDJPAII~U
?RtlModuleOld@@YG_NEF~U
?ModifyFolderPathOld@@YGPAMEPAHK~U
?IsTaskOriginal@@YGFJI~U
?IncrementHeightExW@@YGEPAIPAGPAF~U
?FormatPathOriginal@@YGXD~U
?PutDataA@@YGEMPAJ~U
?IsNotKeyNameW@@YGJPAJGKM~U
?KillFullNameNew@@YGPAMKFPANH~U
?PutHeightOld@@YGEFPAIK~U
?DecrementMediaType@@YGPAE_N_NM~U
?RtlPenNew@@YGHEPAFIK~U
?ShowSystemExA@@YGPAKPAE~U
?IsNotMutexOriginal@@YGPADIHPAEPAH~U
?KillSystemExA@@YGPAJEPAIK~U
?PutProjectW@@YGHPAEF~U
?InsertFolderOld@@YGEFMK~U
?EnumEventW@@YGKGDK~U
?CloseTimeOld@@YGPAFPAJ~U
?CloseCharOriginal@@YGPAGJ~U
?RemoveListItemW@@YGJFPAF~U
?InstallMutantExW@@YGMD~U
?CallHeaderEx@@YGJKPAHPAIPAD~U
?InsertScreen@@YGFIPAJG~U

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

024c5e40ba868071a9c4a1c678a1f435

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 518B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 700B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 518B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 700B