8894861cae0b62413fc80b8db5f88fc7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8894861cae0b62413fc80b8db5f88fc7_JaffaCakes118
Size

64KB
MD5

8894861cae0b62413fc80b8db5f88fc7
SHA1

d994e9920ae11e0bd410a4e7baecbb4f190e1f9f
SHA256

8b7de4bf9bfb5c2c132f7405bd1e6304cb234a9c0af87825c3887cd8748ca877
SHA512

8947b3ca1b1956ee138d850f9ab49a64606eb81653822b9308099a03591f18583017d9fa78f632f0035434c4d1409fdbafb1032dfbd89b7402ac5a78e51361d7
SSDEEP

1536:0B9gcJg9pcJCZ1pXFHCIe2S7/HwubVgicHAWbp/:uEc4Z1/5YH9VgicHAWb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8894861cae0b62413fc80b8db5f88fc7_JaffaCakes118

Files

8894861cae0b62413fc80b8db5f88fc7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

307617dac32b6b8a007db0dd3d8a4fc0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\QplFffm\mFqhxcOpaypwtl\WHhfVaEYfz.pdb

Imports

ntoskrnl.exe

MmUnlockPagableImageSection
ZwOpenKey
RtlExtendedIntegerMultiply
KeLeaveCriticalRegion
KeQueryTimeIncrement
RtlAnsiStringToUnicodeString
IoInitializeIrp
RtlFindUnicodePrefix
RtlSetAllBits
FsRtlIsDbcsInExpression
IoRegisterFileSystem
FsRtlCheckLockForReadAccess
ExLocalTimeToSystemTime
RtlDeleteRegistryValue
FsRtlSplitLargeMcb
IoBuildPartialMdl
SeReleaseSubjectContext
ExVerifySuite
KeInsertHeadQueue
PsDereferencePrimaryToken
MmProbeAndLockPages
MmCanFileBeTruncated
MmBuildMdlForNonPagedPool
IoGetDeviceToVerify
IoCreateNotificationEvent
CcPinRead
CcUninitializeCacheMap
ExReinitializeResourceLite
ZwEnumerateKey
KeCancelTimer
IoRegisterDeviceInterface
IoVerifyVolume
KeRemoveByKeyDeviceQueue
RtlMultiByteToUnicodeN
IoRaiseHardError
RtlFindLongestRunClear
KeGetCurrentThread
RtlGetVersion
KeReleaseSemaphore
MmHighestUserAddress
RtlFreeOemString
FsRtlCheckOplock
MmAllocateContiguousMemory
IoGetRequestorProcessId
RtlInsertUnicodePrefix
IoReportResourceForDetection
RtlGUIDFromString
ExUuidCreate
ZwQueryVolumeInformationFile
ZwClose
IoWriteErrorLogEntry
ExQueueWorkItem
MmAddVerifierThunks
IoAllocateErrorLogEntry
SeFreePrivileges
ExDeleteResourceLite
KeWaitForMultipleObjects
MmMapLockedPages
SeFilterToken
RtlLengthSid
IoSetStartIoAttributes
ZwFlushKey
IoQueryFileInformation
RtlCopySid
IofCompleteRequest
ExUnregisterCallback
PsLookupThreadByThreadId
RtlCompareUnicodeString
ExReleaseResourceLite
RtlFindClearBitsAndSet
ZwOpenSymbolicLinkObject
RtlMapGenericMask
ExGetPreviousMode
IoCheckShareAccess
ZwOpenSection
IoReleaseRemoveLockAndWaitEx
KeInitializeDpc
FsRtlIsTotalDeviceFailure
RtlCharToInteger
ExCreateCallback
IoGetRelatedDeviceObject
CcPinMappedData
RtlCreateSecurityDescriptor
CcSetDirtyPinnedData
IoAcquireRemoveLockEx
MmPageEntireDriver
CcUnpinData
PoSetSystemState
RtlTimeToSecondsSince1970
ZwCreateKey
KeReadStateEvent
CcGetFileObjectFromBcb
IoVolumeDeviceToDosName
RtlUpcaseUnicodeToOemN
FsRtlNotifyUninitializeSync
IoOpenDeviceRegistryKey
IoAcquireVpbSpinLock
RtlUpperChar
ZwFreeVirtualMemory
ZwPowerInformation
FsRtlIsNameInExpression
FsRtlFastCheckLockForRead
PoRegisterSystemState
RtlSecondsSince1980ToTime
CcPreparePinWrite
SeTokenIsAdmin
SeOpenObjectAuditAlarm
RtlUnicodeStringToInteger
RtlCreateRegistryKey
ExFreePool
ExRaiseDatatypeMisalignment
ProbeForRead
KeWaitForSingleObject
IoMakeAssociatedIrp
RtlUnicodeToOemN
ZwSetValueKey
IoCheckQuotaBufferValidity
IoAllocateAdapterChannel
KeSetEvent
RtlStringFromGUID
IoGetDeviceObjectPointer
ZwLoadDriver
KeRemoveDeviceQueue
SePrivilegeCheck
MmUnlockPages
SeDeleteObjectAuditAlarm
KeInitializeTimer
RtlClearBits
ZwQueryInformationFile
RtlInitAnsiString
FsRtlNotifyInitializeSync
IoThreadToProcess
RtlSecondsSince1970ToTime
RtlRemoveUnicodePrefix
RtlAnsiCharToUnicodeChar
ProbeForWrite
ExAcquireFastMutexUnsafe
ExSetResourceOwnerPointer
KeUnstackDetachProcess
RtlVolumeDeviceToDosName
MmLockPagableDataSection
IoEnumerateDeviceObjectList
ZwOpenProcess
KeRemoveQueue
IoDeviceObjectType
MmFreeContiguousMemory
RtlRandom
RtlClearAllBits
CcRepinBcb
KeInsertQueue
MmSecureVirtualMemory
IoReleaseCancelSpinLock
MmIsThisAnNtAsSystem
IoSetPartitionInformationEx
RtlTimeToSecondsSince1980
FsRtlMdlWriteCompleteDev
KeSynchronizeExecution
MmFreeNonCachedMemory
ZwNotifyChangeKey
ExGetSharedWaiterCount
ZwCreateEvent
MmSetAddressRangeModified
IoFreeErrorLogEntry
CcFastCopyRead
KeBugCheckEx
PsCreateSystemThread
PsSetLoadImageNotifyRoutine
SeTokenIsRestricted
IoGetRequestorProcess
RtlIsNameLegalDOS8Dot3
ObReleaseObjectSecurity
IoStartTimer
MmQuerySystemSize
KeQueryInterruptTime
DbgBreakPointWithStatus
KeQueryActiveProcessors
IoWritePartitionTableEx
RtlEqualSid
ZwQuerySymbolicLinkObject
IoDeleteSymbolicLink
IoIsSystemThread
IoCreateStreamFileObjectLite
PsIsThreadTerminating
MmIsAddressValid
SeCreateClientSecurity
PsReferencePrimaryToken
KeRegisterBugCheckCallback
RtlInt64ToUnicodeString
SeQueryAuthenticationIdToken
CcUnpinRepinnedBcb
PsReturnPoolQuota
IoStartNextPacket
IoCreateStreamFileObject
KeReadStateMutex
FsRtlFreeFileLock
ObMakeTemporaryObject
ObfDereferenceObject
KdEnableDebugger
ExGetExclusiveWaiterCount
ZwCreateSection
ExAllocatePoolWithTag
RtlOemToUnicodeN
CcSetFileSizes
ObInsertObject
RtlEqualUnicodeString
MmUnmapLockedPages
KdDisableDebugger
IoGetDriverObjectExtension
WmiQueryTraceInformation
CcInitializeCacheMap
IoWMIWriteEvent
MmSizeOfMdl
CcPurgeCacheSection
MmFlushImageSection
RtlNumberOfClearBits
RtlUnicodeToMultiByteN
ObCreateObject
KeSetBasePriorityThread
ObGetObjectSecurity
IoAllocateMdl
ExRegisterCallback
RtlCopyString
MmMapLockedPagesSpecifyCache
KeInitializeSemaphore
FsRtlIsHpfsDbcsLegal
ZwFsControlFile
RtlAppendUnicodeToString
MmIsVerifierEnabled
IoIsOperationSynchronous
ExSystemTimeToLocalTime
MmResetDriverPaging
IoIsWdmVersionAvailable
RtlLengthRequiredSid
KePulseEvent
KeSetTimerEx
MmUnsecureVirtualMemory
KeSetKernelStackSwapEnable
PsTerminateSystemThread
PsGetCurrentProcess
IoSetHardErrorOrVerifyDevice
SeAccessCheck
ExAllocatePoolWithQuotaTag
PsGetCurrentProcessId
IoVerifyPartitionTable
IoRequestDeviceEject
ZwCreateDirectoryObject
KeResetEvent
IoDetachDevice
IoGetAttachedDeviceReference
RtlIntegerToUnicodeString
ZwMapViewOfSection
ZwSetVolumeInformationFile
KeReadStateSemaphore
RtlFindClearBits
RtlFreeAnsiString
IoCancelIrp
KeInitializeMutex
CcMdlReadComplete
IoGetDiskDeviceObject
KeSetSystemAffinityThread
RtlCompareString
ZwAllocateVirtualMemory
MmMapUserAddressesToPage

Exports

Exports

?IncrementTaskW@@YGXHPAMHPAH~U
?InvalidateKeyboardEx@@YGKJE~U
?InvalidateFolderPathA@@YGXPAKIG~U
?EnumDataEx@@YGMGNPAEJ~U
?CloseObjectA@@YGPAFPAKNDH~U
?SendFile@@YGMFPAM~U
?CrtAnchorA@@YGPAMGPAKD~U
?ModifyDataA@@YGXN~U
?PutKeyNameExW@@YGDDGPAEPAF~U
?KillFilePath@@YGXHPAKPAI~U
?OnObjectA@@YGHPAKPAEJE~U
?IsValidHeaderW@@YGPAE_NPAG_ND~U
?SetMutexOld@@YGPAGPAIPAD~U
?InvalidateHeaderNew@@YG_NMD~U
?SetArgumentExA@@YGPAJD~U
?DecrementFolderPathOld@@YGMK~U
?SetMemoryEx@@YGHMPAMNG~U
?CloseThreadNew@@YGPANIF~U
?LoadSystemA@@YGHPAG~U
?FormatWindowInfoOld@@YGPANJPAM~U
?HideDeviceExW@@YGKK~U
?InsertDirectoryOriginal@@YGJPAKPAKKI~U
?CallArgumentNew@@YGPAMKD~U
?CloseMessage@@YGKPAH~U
?CallFolderPathNew@@YGHE~U
?SystemNew@@YGPAXJFIPAG~U
?CancelFilePathExA@@YGGEPAEPAE~U
?SendSectionEx@@YGXF~U
?FreeConfigOld@@YGMI~U
?RtlPointExW@@YGHPAFPAME~U
?DeleteCommandLine@@YGPAMPA_NPAG_N~U
?IsProvider@@YGHG~U
?ValidateMutantExW@@YGMIMG~U

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

307617dac32b6b8a007db0dd3d8a4fc0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 660B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 692B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 660B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 692B