83d92316e3c5ae27fe51f612639dd05b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

83d92316e3c5ae27fe51f612639dd05b_JaffaCakes118
Size

106KB
MD5

83d92316e3c5ae27fe51f612639dd05b
SHA1

ed3bbc5240335aafd8a14674ee234c4888c7aa72
SHA256

c7ef2708c32b91273c683eecb7017810168602adf4a7d7b427b5d152cbad6b60
SHA512

0b759724e04f2f1525596a2943db8156c96434c23015bc7834c909e546aa6789706871f18db7c2925ee5b097a757fec720e711ef7be14e3394b844d36037dc06
SSDEEP

1536:85QucPmxQIxTMgXrFtns3JGem1ikJPwJSy/Ug4d:85Mo9LXr3sWvpUS8Ug+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83d92316e3c5ae27fe51f612639dd05b_JaffaCakes118

Files

83d92316e3c5ae27fe51f612639dd05b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

85b1a6638a83f07d84c4d9cef15dc400

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\kIuGwbDRqpl\qwQombfF\kqbqzfh\FKapoqe\cNpgaJdHzd.pdb

Imports

ntoskrnl.exe

IoConnectInterrupt
IoGetTopLevelIrp
PsGetVersion
IoCreateDevice
IoAllocateMdl
KeInitializeSemaphore
RtlSetAllBits
PsImpersonateClient
SeCaptureSubjectContext
RtlFindSetBits
RtlOemToUnicodeN
IoVerifyVolume
IoSetThreadHardErrorMode
RtlIsNameLegalDOS8Dot3
CcFastCopyRead
ExAllocatePoolWithTag
PoRegisterSystemState
KeInitializeApc
IoQueryFileInformation
RtlTimeToTimeFields
PoCallDriver
CcSetReadAheadGranularity
ObInsertObject
KeInitializeSpinLock
FsRtlFreeFileLock
CcUnpinRepinnedBcb
KeDelayExecutionThread
IoAcquireVpbSpinLock
MmAllocateMappingAddress
ZwEnumerateValueKey
FsRtlNotifyUninitializeSync
KeBugCheckEx
ObReferenceObjectByPointer
RtlCreateSecurityDescriptor
RtlValidSecurityDescriptor
RtlMultiByteToUnicodeN
PsGetCurrentProcess
RtlUnicodeToOemN
KeEnterCriticalRegion
ZwQueryObject
IoWMIWriteEvent
MmFreeContiguousMemory
KeSetTargetProcessorDpc
IoRegisterDeviceInterface
RtlCreateUnicodeString
ExInitializeResourceLite
RtlAreBitsClear
RtlQueryRegistryValues
SeTokenIsAdmin
FsRtlIsHpfsDbcsLegal
KeQueryActiveProcessors
IoCreateFile
IoReportResourceForDetection
MmUnmapIoSpace
CcSetDirtyPinnedData
ZwDeleteKey
IoGetAttachedDevice
KeReadStateTimer
SeAppendPrivileges
RtlGetNextRange
IoVolumeDeviceToDosName
PsRevertToSelf
CcCopyRead
CcRepinBcb
SeDeleteObjectAuditAlarm
IoGetAttachedDeviceReference
IoDeviceObjectType
ZwReadFile
RtlValidSid
ExGetExclusiveWaiterCount
CcPurgeCacheSection
IoQueueWorkItem
RtlFindLastBackwardRunClear
SePrivilegeCheck
ExReleaseResourceLite
RtlGUIDFromString
IoGetDeviceAttachmentBaseRef
IoGetStackLimits
IoUpdateShareAccess
KeReleaseSemaphore
ZwDeleteValueKey
ExAllocatePool
DbgPrompt
ZwCreateSection
RtlRemoveUnicodePrefix
RtlFindClearRuns
ZwOpenSection
IoAcquireCancelSpinLock
PsGetCurrentProcessId
ExUnregisterCallback
IoInitializeRemoveLockEx
ObReferenceObjectByHandle
ExFreePoolWithTag
RtlUnicodeStringToAnsiString
RtlInitializeSid
RtlFindLeastSignificantBit
RtlCompareUnicodeString
IoFreeErrorLogEntry
PsSetLoadImageNotifyRoutine
PsIsThreadTerminating
IoMakeAssociatedIrp
RtlInitializeGenericTable
IoInvalidateDeviceState
KeRevertToUserAffinityThread
ProbeForWrite
MmAddVerifierThunks
MmResetDriverPaging
KePulseEvent
RtlxAnsiStringToUnicodeSize
RtlDelete
IoInitializeTimer
PsChargeProcessPoolQuota
FsRtlGetNextFileLock
CcMapData
ZwCreateEvent
KeSetTimer
PsTerminateSystemThread
PoSetSystemState
MmCanFileBeTruncated
MmMapUserAddressesToPage
KeReleaseMutex
PoUnregisterSystemState
PoSetPowerState
RtlInsertUnicodePrefix
SeQueryInformationToken
IoCancelIrp
IoSetSystemPartition
ExRaiseAccessViolation
MmSetAddressRangeModified
FsRtlNotifyInitializeSync
ZwUnloadDriver
MmUnmapReservedMapping
ExFreePool
MmGetPhysicalAddress
ExAllocatePoolWithQuotaTag
FsRtlMdlWriteCompleteDev
PsReturnPoolQuota
KeInitializeDpc
ZwClose
RtlInitializeBitMap
CcUninitializeCacheMap
MmGetSystemRoutineAddress
CcPinMappedData
IoGetDeviceInterfaces
ExSetTimerResolution
SeOpenObjectAuditAlarm
RtlLengthRequiredSid
RtlLengthSecurityDescriptor
MmMapLockedPages
MmSizeOfMdl
PsReferencePrimaryToken
RtlGenerate8dot3Name
MmFreePagesFromMdl
MmUnlockPages
ExSystemTimeToLocalTime
ZwNotifyChangeKey
PoRequestPowerIrp
RtlFindUnicodePrefix
IoIsOperationSynchronous
KeReadStateSemaphore
ExRaiseStatus
RtlPrefixUnicodeString
MmForceSectionClosed
ExGetSharedWaiterCount
ZwSetValueKey
IoSetTopLevelIrp
IoRemoveShareAccess
FsRtlIsFatDbcsLegal
MmHighestUserAddress
IoWMIRegistrationControl
RtlUpcaseUnicodeToOemN
CcInitializeCacheMap
SeQueryAuthenticationIdToken
SeReleaseSubjectContext
FsRtlFastUnlockSingle
ZwLoadDriver
MmAllocateNonCachedMemory
RtlDowncaseUnicodeString
RtlInitAnsiString
IoDisconnectInterrupt
FsRtlIsDbcsInExpression
ZwCreateDirectoryObject
ZwOpenKey
SeLockSubjectContext
KeClearEvent
ExAcquireResourceSharedLite
RtlUpcaseUnicodeString
MmIsDriverVerifying
ZwQueryInformationFile
IoGetCurrentProcess
ZwSetVolumeInformationFile
SeAssignSecurity
CcDeferWrite
ExUuidCreate
IoGetRequestorProcess
IoGetDiskDeviceObject
KeSetEvent
RtlAnsiStringToUnicodeString
ObReleaseObjectSecurity
MmUnmapLockedPages
KeUnstackDetachProcess
RtlEqualString
RtlSetBits
IoBuildPartialMdl
ExAcquireFastMutexUnsafe
IoSetHardErrorOrVerifyDevice
FsRtlSplitLargeMcb
SeSetSecurityDescriptorInfo
IoAllocateAdapterChannel
ZwQueryVolumeInformationFile
ZwEnumerateKey
ExGetPreviousMode
KeRemoveQueue
ExReleaseFastMutexUnsafe
KeAttachProcess
ExQueueWorkItem
IoInvalidateDeviceRelations
CcFastCopyWrite
CcUnpinData
KdEnableDebugger
IoGetDeviceToVerify
CcRemapBcb
IoDeleteSymbolicLink
ZwQueryKey
IoCreateStreamFileObjectLite
ObOpenObjectByPointer
MmIsVerifierEnabled
ZwDeviceIoControlFile
RtlCompareMemory
KeInitializeMutex
ObMakeTemporaryObject
IoCsqRemoveIrp
PsGetCurrentThread
SeFilterToken
PsDereferencePrimaryToken
IoBuildSynchronousFsdRequest
KeDeregisterBugCheckCallback
RtlDeleteNoSplay
RtlClearAllBits
KeInitializeEvent
MmSecureVirtualMemory
RtlCopySid
KeSetBasePriorityThread
IoSetShareAccess
RtlGetVersion
PsGetProcessId
IoReportDetectedDevice
ZwOpenFile
RtlUpcaseUnicodeChar
IoWriteErrorLogEntry
ProbeForRead
RtlDeleteElementGenericTable
IoCheckQuotaBufferValidity
MmFreeMappingAddress
ExDeleteNPagedLookasideList
KeQuerySystemTime

Exports

Exports

?HideMutex@@IJPAFGHPAI@X

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85b1a6638a83f07d84c4d9cef15dc400

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 61KB - Virtual size: 61KB

.init Size: - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 512B - Virtual size: 504B

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 61KB - Virtual size: 61KB

.init
Size: - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 512B - Virtual size: 504B