74c02d58858cf6b4115e327a17f806c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74c02d58858cf6b4115e327a17f806c8_JaffaCakes118
Size

159KB
MD5

74c02d58858cf6b4115e327a17f806c8
SHA1

2a5c25b4d03303c97f3c68a4cba7fba2552b887b
SHA256

35ffd82584dee2b4439d70d4f2da91c6d2c05624e128b749d86ff86ca1c66411
SHA512

092254a83309a0624c8368fb6ea039a7a3cab6a44b3834b306cb8eaaf76797c3b0ad2f929d48dd2afbb1e027d130865ff986a270145fee024072bab933b5eec6
SSDEEP

3072:qX2ZRwONJs4euL0DzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:qGrtj0zwA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74c02d58858cf6b4115e327a17f806c8_JaffaCakes118

Files

74c02d58858cf6b4115e327a17f806c8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0b6bafdbf3d926e413777e68c5f517f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\xxPOibXx\KxyfJNzuh\sYDqEsGxPpxi\cCxhpJTbfsYmsg\pPcIrusVyaw.pdb

Imports

ntoskrnl.exe

MmAllocateMappingAddress
ZwCreateEvent
MmUnsecureVirtualMemory
MmPageEntireDriver
IoWMIRegistrationControl
MmCanFileBeTruncated
CcGetFileObjectFromBcb
MmForceSectionClosed
PsChargeProcessPoolQuota
FsRtlMdlWriteCompleteDev
RtlInt64ToUnicodeString
RtlClearAllBits
FsRtlIsFatDbcsLegal
KeGetCurrentThread
IoFreeController
ObQueryNameString
CcInitializeCacheMap
ExAllocatePoolWithTag
MmIsAddressValid
PoUnregisterSystemState
PsReturnPoolQuota
RtlFindLastBackwardRunClear
MmBuildMdlForNonPagedPool
KeResetEvent
PsIsThreadTerminating
SeUnlockSubjectContext
IoFreeMdl
KeBugCheck
FsRtlIsHpfsDbcsLegal
IoGetDeviceProperty
KeSetTimerEx
KeLeaveCriticalRegion
RtlValidSecurityDescriptor
SeAssignSecurity
ExAllocatePoolWithQuota
CcFlushCache
KeQueryActiveProcessors
RtlUnicodeToOemN
IoCreateDisk
KeInitializeDpc
RtlInitAnsiString
IoSetStartIoAttributes
PsGetThreadProcessId
KeRundownQueue
RtlLengthSid
KeRemoveQueue
PoSetPowerState
IoIsOperationSynchronous
ZwClose
RtlInitString
MmMapLockedPages
RtlCreateSecurityDescriptor
ZwWriteFile
IoConnectInterrupt
RtlOemStringToUnicodeString
IoGetDmaAdapter
IoGetAttachedDeviceReference
ZwFreeVirtualMemory
RtlFindLeastSignificantBit
KeInitializeSemaphore
IoAcquireCancelSpinLock
SeImpersonateClientEx
IoCreateSymbolicLink
RtlCompareUnicodeString
IoGetCurrentProcess
RtlFindLongestRunClear
RtlGetNextRange
ZwSetVolumeInformationFile
CcUninitializeCacheMap
IoDeviceObjectType
FsRtlCheckLockForReadAccess
KdDisableDebugger
KeRemoveQueueDpc
FsRtlIsNameInExpression
IoAllocateMdl
KeRemoveByKeyDeviceQueue
RtlFindMostSignificantBit
IoGetDeviceObjectPointer
RtlEqualString
RtlUpcaseUnicodeToOemN
RtlxAnsiStringToUnicodeSize
IoWritePartitionTableEx
PsCreateSystemThread
ZwCreateSection
ObReferenceObjectByHandle
MmIsVerifierEnabled
KeInitializeSpinLock
IoCheckQuotaBufferValidity
IoGetStackLimits
IoAllocateAdapterChannel
ZwCreateDirectoryObject
SeReleaseSubjectContext
IoInvalidateDeviceState
PsLookupThreadByThreadId
ZwOpenFile
ExVerifySuite
KeReadStateTimer
PsReferencePrimaryToken
RtlUpcaseUnicodeString
RtlFindSetBits
ZwOpenKey
KeAttachProcess
ExRaiseAccessViolation
RtlCharToInteger
IoReleaseVpbSpinLock
RtlVerifyVersionInfo
CcRepinBcb
FsRtlGetNextFileLock
CcMdlWriteAbort
FsRtlNotifyUninitializeSync
FsRtlAllocateFileLock
PsSetLoadImageNotifyRoutine
SeFreePrivileges
ObReferenceObjectByPointer
IoQueryDeviceDescription
FsRtlIsDbcsInExpression
ZwReadFile
SeValidSecurityDescriptor
FsRtlDeregisterUncProvider
IoSetDeviceInterfaceState
IoGetDeviceToVerify
SeQueryAuthenticationIdToken
FsRtlFastUnlockSingle
RtlSecondsSince1970ToTime
RtlUnicodeStringToOemString
CcSetFileSizes
ObfReferenceObject
ExDeleteResourceLite
PsGetCurrentProcessId
RtlHashUnicodeString
MmFreeMappingAddress
CcMapData
IoQueryFileInformation
RtlFindClearBits
MmAllocateNonCachedMemory
CcSetBcbOwnerPointer
CcFastMdlReadWait
RtlRandom
RtlRemoveUnicodePrefix
ExSystemTimeToLocalTime
ZwQueryInformationFile
ExSetTimerResolution
RtlCopyUnicodeString
FsRtlFastCheckLockForRead
MmGetSystemRoutineAddress
IoAllocateIrp
IoSetSystemPartition
RtlWriteRegistryValue
IoGetRelatedDeviceObject
ZwDeviceIoControlFile
KeInsertQueueDpc
RtlDowncaseUnicodeString
IoSetTopLevelIrp
RtlInitializeGenericTable
CcCopyWrite
IoCreateSynchronizationEvent
KeDeregisterBugCheckCallback
ZwEnumerateValueKey
MmGetPhysicalAddress
IoCheckShareAccess
KeInsertHeadQueue
RtlFillMemoryUlong
KeQueryInterruptTime
IoVolumeDeviceToDosName
IoGetDeviceInterfaceAlias
RtlUnicodeStringToAnsiString
RtlFreeUnicodeString
CcZeroData
KeCancelTimer
KeSetSystemAffinityThread
PsGetCurrentThread
RtlGUIDFromString
KeBugCheckEx
RtlUpperString
ZwOpenProcess
ExRegisterCallback
SeCaptureSubjectContext
RtlCreateAcl
ZwQuerySymbolicLinkObject
CcFastCopyWrite
RtlAnsiStringToUnicodeString
ExGetSharedWaiterCount
CcPreparePinWrite
IoStartPacket
RtlAreBitsSet
ZwAllocateVirtualMemory
SeQueryInformationToken
RtlCreateUnicodeString
CcMdlWriteComplete
ExFreePoolWithTag
CcMdlRead
RtlDeleteRegistryValue
KdEnableDebugger
IoInitializeRemoveLockEx
IoBuildPartialMdl
FsRtlLookupLastLargeMcbEntry
MmUnmapIoSpace
KePulseEvent
RtlSecondsSince1980ToTime
IoCreateStreamFileObject
RtlOemToUnicodeN
PoSetSystemState
ObCreateObject
ExUuidCreate
RtlMultiByteToUnicodeN
CcUnpinData
KeSynchronizeExecution
KeInitializeTimer
SeDeassignSecurity
RtlCompareString
RtlInsertUnicodePrefix
IoReadDiskSignature
RtlGetVersion
ZwFlushKey
KeSetTimer
MmSizeOfMdl
ZwUnloadDriver
CcPurgeCacheSection
ObMakeTemporaryObject
RtlNtStatusToDosError
MmMapLockedPagesSpecifyCache
KeDetachProcess
MmUnlockPages
RtlEqualUnicodeString
MmAllocatePagesForMdl
ZwMakeTemporaryObject
ZwSetSecurityObject
IoGetDeviceInterfaces
MmProbeAndLockProcessPages
RtlEqualSid
ExNotifyCallback
KeSetEvent
RtlVolumeDeviceToDosName
ExDeleteNPagedLookasideList
CcDeferWrite
IoDetachDevice
RtlUnicodeStringToInteger
KeSetImportanceDpc
DbgBreakPointWithStatus
IoReportDetectedDevice
CcPinMappedData
PoStartNextPowerIrp
KeReleaseMutex
SeAppendPrivileges
ExGetPreviousMode
RtlCheckRegistryKey
RtlxUnicodeStringToAnsiSize
SeLockSubjectContext
IoFreeIrp
IoDeleteController
SeOpenObjectAuditAlarm
ObInsertObject
MmFreeNonCachedMemory
RtlSetDaclSecurityDescriptor
WmiQueryTraceInformation
RtlQueryRegistryValues
PsGetProcessExitTime
ZwQueryVolumeInformationFile
RtlIntegerToUnicodeString

Exports

Exports

?AddPointerW@@YGPAGJEPAF@Z
?GlobalDeviceExW@@YGDKPAJPAKPAF@Z
?GlobalFolderPathA@@YGPAIJPAJ@Z
?HideHeaderExA@@YGMPAH@Z
?RemoveThreadOriginal@@YGIMM@Z
?EnumPenEx@@YGJIEFH@Z
?GlobalModule@@YGPAKPAG@Z
?SendWindowInfoW@@YGFPAHDPAKPAE@Z
?InstallProviderA@@YGDM@Z
?InvalidateProjectOld@@YGNFI@Z
?CrtVersionOriginal@@YGPAGPAFPAMPAI@Z
?AddProjectA@@YGED@Z
?GenerateExpressionExW@@YGND@Z
?FormatString@@YGGPAH@Z
?InvalidateDateTimeEx@@YGXHPAJHPAI@Z
?ValidateKeyNameNew@@YGPAKJPA_NME@Z
?OnClassOriginal@@YGFPADDPAGPAE@Z
?HideListItemExA@@YGNHPAGN@Z
?FormatTaskOld@@YGMKJ@Z
?IsTaskExW@@YGPADPAIPAM@Z
?CopyMonitorNew@@YGEMPA_NEPAF@Z
?DeleteEventA@@YGPADPA_NPAIFPAI@Z
?CopyScreenA@@YGFG@Z
?FindProcessW@@YGPAGKE@Z
?RtlNameOriginal@@YGPAIPAM@Z
?OnObjectExA@@YGHNMIJ@Z
?FormatTime@@YGIGPAGIN@Z
?IsListOld@@YGXPAIDN@Z
?MessageExA@@YGXJH@Z
?FreeRectOld@@YGG_ND@Z
?InsertExpression@@YGPAHJG@Z
?FormatEventW@@YGDJPADJ@Z
?InsertMonitorExA@@YGHIPAEG@Z
?GetListExA@@YGPADPAEPAE@Z
?InstallExpressionEx@@YGKJPAHG@Z
?IsValidSystemExA@@YGKKDPAIPAH@Z

Sections

.text
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 355B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b6bafdbf3d926e413777e68c5f517f3

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 355B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 688B

.text
Size: 28KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 355B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 688B