8451fea559573d9c1816f96469eb8402_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8451fea559573d9c1816f96469eb8402_JaffaCakes118
Size

159KB
MD5

8451fea559573d9c1816f96469eb8402
SHA1

b329d0812961690deb8306b31e2ff86875ee6715
SHA256

ebcd8df5dcb5462ca1947e9b5a23c3afce18b5db8b1c97f169c896a338cdf1b2
SHA512

c028d34cb7584615a54e3f839e9736a9b44feca06f7650cae7c75021369f094d9f71b5cc25eceeb2397e1a2f741112f0011a2da201c95f8a27db68cc5bafb7bb
SSDEEP

3072:nmKL/VAsh0DzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:nmKL/VADzwA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8451fea559573d9c1816f96469eb8402_JaffaCakes118

Files

8451fea559573d9c1816f96469eb8402_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b28bfab6b25ba635b7b3d8f361e21d77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tqahmcwI\psfjxrdvsila\scdidjG\ljelpKaGRqSVJ.pdb

Imports

ntoskrnl.exe

RtlAnsiStringToUnicodeString
IoSetStartIoAttributes
KeRegisterBugCheckCallback
RtlFindLastBackwardRunClear
FsRtlFastUnlockSingle
KeClearEvent
ZwCreateFile
ZwUnloadDriver
RtlIntegerToUnicodeString
FsRtlCheckLockForReadAccess
DbgPrompt
IoAllocateWorkItem
RtlRemoveUnicodePrefix
IoQueryDeviceDescription
ExDeleteResourceLite
RtlIsNameLegalDOS8Dot3
SeDeleteObjectAuditAlarm
KeInsertDeviceQueue
ExLocalTimeToSystemTime
MmGetSystemRoutineAddress
MmUnsecureVirtualMemory
RtlInitString
MmFreeNonCachedMemory
PoSetSystemState
KeSynchronizeExecution
MmMapIoSpace
RtlFindMostSignificantBit
KeSetImportanceDpc
ObReleaseObjectSecurity
IoGetDeviceAttachmentBaseRef
FsRtlFastCheckLockForRead
KeRemoveQueueDpc
CcUninitializeCacheMap
CcMdlWriteAbort
CcFastMdlReadWait
RtlLengthRequiredSid
ExGetSharedWaiterCount
KeWaitForSingleObject
IoGetDeviceInterfaceAlias
ZwOpenSymbolicLinkObject
MmIsVerifierEnabled
IoCancelIrp
KeBugCheck
RtlFindSetBits
KeReadStateMutex
RtlValidSid
RtlSecondsSince1980ToTime
PsReturnPoolQuota
KdEnableDebugger
PsTerminateSystemThread
SeAssignSecurity
IoAcquireCancelSpinLock
FsRtlAllocateFileLock
CcSetBcbOwnerPointer
SeSinglePrivilegeCheck
SeFreePrivileges
IoFreeIrp
MmIsAddressValid
CcUnpinData
IoReadDiskSignature
ObCreateObject
IoReleaseCancelSpinLock
FsRtlIsNameInExpression
KeInitializeTimer
ObMakeTemporaryObject
ZwCreateSection
PoSetPowerState
IoAllocateController
RtlUpcaseUnicodeString
RtlInsertUnicodePrefix
IoDeviceObjectType
CcUnpinRepinnedBcb
ObReferenceObjectByPointer
IoCreateNotificationEvent
ZwClose
IoAcquireRemoveLockEx
PoUnregisterSystemState
IoReportResourceForDetection
ZwOpenSection
MmProbeAndLockProcessPages
IoVolumeDeviceToDosName
RtlCompareUnicodeString
MmFlushImageSection
PsLookupThreadByThreadId
KeReleaseMutex
KeReadStateTimer
RtlFindNextForwardRunClear
RtlVolumeDeviceToDosName
KeFlushQueuedDpcs
FsRtlNotifyUninitializeSync
IoReleaseRemoveLockEx
KeDeregisterBugCheckCallback
RtlDeleteRegistryValue
KeSetTimer
RtlFillMemoryUlong
PsGetProcessExitTime
IoInvalidateDeviceRelations
IoStartTimer
RtlUpperString
CcRepinBcb
RtlFreeOemString
FsRtlGetNextFileLock
ZwOpenFile
IoReleaseVpbSpinLock
IoSetShareAccess
RtlCompareString
IoGetRequestorProcess
IoGetCurrentProcess
IoCsqRemoveIrp
RtlCreateRegistryKey
MmMapLockedPages
KeInitializeTimerEx
MmAddVerifierThunks
RtlInitAnsiString
IoSetThreadHardErrorMode
ZwPowerInformation
CcMdlReadComplete
KeInitializeSpinLock
ExUuidCreate
IoRequestDeviceEject
PsGetThreadProcessId
RtlTimeToSecondsSince1980
ExGetPreviousMode
IoFreeController
RtlTimeToSecondsSince1970
KeQueryTimeIncrement
RtlCreateUnicodeString
CcPurgeCacheSection
CcMdlWriteComplete
MmUnlockPages
IoGetTopLevelIrp
SePrivilegeCheck
IoCheckEaBufferValidity
PoCallDriver
RtlInt64ToUnicodeString
RtlSubAuthoritySid
MmFreePagesFromMdl
PsGetCurrentThread
ExRaiseDatatypeMisalignment
SeQueryAuthenticationIdToken
FsRtlSplitLargeMcb
KeStackAttachProcess
IoReadPartitionTableEx
KeRundownQueue
MmUnlockPagableImageSection
ZwQueryObject
PoStartNextPowerIrp
KeDelayExecutionThread
IoStartPacket
IoGetAttachedDeviceReference
IoIsOperationSynchronous
RtlStringFromGUID
ProbeForWrite
RtlFreeUnicodeString
KeCancelTimer
RtlFindClearBitsAndSet
RtlInitializeGenericTable
RtlValidSecurityDescriptor
IoUnregisterFileSystem
IoGetStackLimits
RtlAreBitsClear
ExNotifyCallback
RtlCopyUnicodeString
RtlCreateAcl
MmAllocateMappingAddress
KeRemoveDeviceQueue
SeQueryInformationToken
RtlInitializeBitMap
CcCanIWrite
RtlDelete
IoGetDeviceToVerify
IoReuseIrp
KeSetKernelStackSwapEnable
IoMakeAssociatedIrp
FsRtlIsDbcsInExpression
KeRemoveEntryDeviceQueue
IoWriteErrorLogEntry
RtlWriteRegistryValue
RtlGUIDFromString
ZwSetVolumeInformationFile
WmiQueryTraceInformation
IoAllocateErrorLogEntry
KeReadStateSemaphore
MmLockPagableDataSection
PoRequestPowerIrp
KeSetTimerEx
RtlFindClearRuns
RtlCheckRegistryKey
RtlUnicodeToMultiByteN
IoConnectInterrupt
IoFreeMdl
RtlAddAccessAllowedAceEx
MmAllocateContiguousMemory
KeRemoveByKeyDeviceQueue
ObQueryNameString
IoGetBootDiskInformation
IoEnumerateDeviceObjectList
IoCreateDevice
FsRtlLookupLastLargeMcbEntry
KeGetCurrentThread
ExQueueWorkItem
IoSetDeviceToVerify
KeSetSystemAffinityThread
IoAcquireVpbSpinLock
IoGetDriverObjectExtension
KeReleaseSemaphore
IoIsWdmVersionAvailable
ZwCreateDirectoryObject
FsRtlDeregisterUncProvider
ZwMapViewOfSection
RtlUnicodeStringToInteger
FsRtlMdlWriteCompleteDev
RtlSetAllBits
IoInitializeIrp
KeInitializeApc
MmIsThisAnNtAsSystem
RtlxAnsiStringToUnicodeSize
RtlUpperChar
ZwQueryValueKey
PsIsThreadTerminating
ObReferenceObjectByHandle
ZwNotifyChangeKey
IoQueryFileDosDeviceName
PsReferencePrimaryToken
IoQueueWorkItem
MmBuildMdlForNonPagedPool
MmFreeMappingAddress
IoInitializeRemoveLockEx
FsRtlNotifyInitializeSync
RtlSplay
IoRaiseHardError
KeBugCheckEx
IoGetDmaAdapter
MmFreeContiguousMemory
IoCreateDisk
IoDeleteController
KefAcquireSpinLockAtDpcLevel
IoFreeWorkItem
MmProbeAndLockPages
IoVerifyVolume
SeFilterToken
RtlAddAccessAllowedAce
IoAllocateMdl
ZwOpenProcess
KeUnstackDetachProcess
IoCheckQuotaBufferValidity
RtlxOemStringToUnicodeSize
RtlGetNextRange
ExUnregisterCallback
FsRtlIsHpfsDbcsLegal
IoSetPartitionInformation
ExDeletePagedLookasideList
IoOpenDeviceRegistryKey
ExRaiseAccessViolation
MmAdvanceMdl
ObfDereferenceObject
RtlInitializeUnicodePrefix

Exports

Exports

?ShowMutantA@@IJXPAKFPAI@X
?HideProcessW@@IJDEPAFPAF@X
?HideCharW@@IJXDPAGK@X

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vars1
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars2
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars3
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vptr1
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr2
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr3
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b28bfab6b25ba635b7b3d8f361e21d77

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.vars1 Size: 512B - Virtual size: 32B

.vars2 Size: 512B - Virtual size: 32B

.vars3 Size: 512B - Virtual size: 32B

.vars4 Size: 512B - Virtual size: 32B

.vptr1 Size: 512B - Virtual size: 32B

.vptr2 Size: 512B - Virtual size: 32B

.vptr3 Size: 512B - Virtual size: 32B

.vptr4 Size: 512B - Virtual size: 32B

.data Size: 20KB - Virtual size: 48KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 1024B - Virtual size: 576B

.text
Size: 15KB - Virtual size: 14KB

.vars1
Size: 512B - Virtual size: 32B

.vars2
Size: 512B - Virtual size: 32B

.vars3
Size: 512B - Virtual size: 32B

.vars4
Size: 512B - Virtual size: 32B

.vptr1
Size: 512B - Virtual size: 32B

.vptr2
Size: 512B - Virtual size: 32B

.vptr3
Size: 512B - Virtual size: 32B

.vptr4
Size: 512B - Virtual size: 32B

.data
Size: 20KB - Virtual size: 48KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 1024B - Virtual size: 576B