8adf758be6bef2cc140689e3d87a0e33_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8adf758be6bef2cc140689e3d87a0e33_JaffaCakes118
Size

72KB
MD5

8adf758be6bef2cc140689e3d87a0e33
SHA1

05ea6ee658a2897ec1dca457eedd4fd697eb8b0d
SHA256

5a03660cffc27c48c133d2196f53d6f97c1d48d11ffa189897115027a641a8b9
SHA512

6fbb43772e90fb414d7be387e9fd9370a339933bf51d4bc986720ba108021528e2d3a0591bbb3fbedbe856cb13ae8224abfeec5641b1ee9bc4da811602d52d1c
SSDEEP

1536:LwQ5UP05WlvOj76XpzC2g4EuyOvXPXT8Mm9G6NC2J7w8xJXO3O:L5UP05kGfUpzZg4Nv/YMqG6NC2JU8x0e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8adf758be6bef2cc140689e3d87a0e33_JaffaCakes118

Files

8adf758be6bef2cc140689e3d87a0e33_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5211c98a966ce024e5cf44765c5b0726

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

L:\mwbPzLCbeG\YhaYapWPrxuD\sGUrFtMpmilq\mhwIiveyuVafyz.pdb

Imports

ntoskrnl.exe

ZwQueryVolumeInformationFile
RtlClearAllBits
SeLockSubjectContext
KeInitializeTimer
RtlFindClearRuns
ZwSetValueKey
ExRaiseAccessViolation
KeDeregisterBugCheckCallback
FsRtlFastUnlockSingle
PsGetVersion
IoThreadToProcess
ExLocalTimeToSystemTime
RtlUnicodeToOemN
RtlCreateRegistryKey
CcGetFileObjectFromBcb
KeInitializeDpc
MmProbeAndLockPages
IoWMIWriteEvent
MmFreeMappingAddress
IoVerifyVolume
ExIsProcessorFeaturePresent
KeRevertToUserAffinityThread
RtlAppendUnicodeToString
ZwQueryValueKey
MmFlushImageSection
IoGetDeviceInterfaces
IoRaiseHardError
CcMdlRead
CcMapData
IoCheckEaBufferValidity
KeClearEvent
IoQueryFileInformation
RtlSetDaclSecurityDescriptor
ExSetResourceOwnerPointer
IoReleaseRemoveLockAndWaitEx
RtlDeleteElementGenericTable
CcPreparePinWrite
IoDeviceObjectType
MmAllocateNonCachedMemory
MmAddVerifierThunks
ExDeletePagedLookasideList
SePrivilegeCheck
IoIsWdmVersionAvailable
KeSetTargetProcessorDpc
IoFreeController
ObOpenObjectByPointer
MmMapLockedPagesSpecifyCache
RtlCharToInteger
KeGetCurrentThread
ZwClose
MmAllocateMappingAddress
PsReferencePrimaryToken
KeRemoveQueue
IoGetDeviceProperty
RtlIsNameLegalDOS8Dot3
RtlAppendStringToString
DbgBreakPoint
MmIsThisAnNtAsSystem
RtlUpperString
MmUnmapIoSpace
SeFreePrivileges
ZwAllocateVirtualMemory
VerSetConditionMask
SeTokenIsRestricted
RtlFindLastBackwardRunClear
KdDisableDebugger
RtlCreateSecurityDescriptor
MmQuerySystemSize
CcIsThereDirtyData
RtlAreBitsSet
DbgBreakPointWithStatus
RtlHashUnicodeString
RtlInitAnsiString
ExNotifyCallback
RtlDowncaseUnicodeString
MmFreeContiguousMemory
MmUnlockPagableImageSection
IoReuseIrp
PsChargeProcessPoolQuota
RtlValidSecurityDescriptor
RtlCopyLuid
IoQueueWorkItem
IoReleaseRemoveLockEx
IoCreateStreamFileObjectLite
MmUnmapReservedMapping
ZwUnloadDriver
ExCreateCallback
RtlUpperChar
IoGetDeviceInterfaceAlias
FsRtlNotifyUninitializeSync
RtlDelete
MmSecureVirtualMemory
IoFreeIrp
ZwOpenProcess
ObQueryNameString
RtlCopyString
IoCreateDevice
IoCreateFile
IoGetRequestorProcessId
IoIsOperationSynchronous
IoCreateStreamFileObject
SeOpenObjectAuditAlarm
IoOpenDeviceRegistryKey
ObMakeTemporaryObject
KeDetachProcess
IoGetDiskDeviceObject
KeLeaveCriticalRegion
RtlGUIDFromString
SeQueryInformationToken
ExReinitializeResourceLite
MmIsDriverVerifying
CcSetReadAheadGranularity
RtlWriteRegistryValue
RtlFreeOemString
IoGetAttachedDevice
PoUnregisterSystemState
RtlGetVersion
ExAllocatePoolWithQuotaTag
PoRequestPowerIrp
IoGetRelatedDeviceObject
CcZeroData
IoCreateDisk
RtlDeleteNoSplay
ZwOpenSection
RtlAnsiCharToUnicodeChar
RtlRandom
IoFreeWorkItem
PoRegisterSystemState
RtlEqualString
RtlFindNextForwardRunClear
MmIsVerifierEnabled
ExSetTimerResolution
RtlSetAllBits
SeCaptureSubjectContext
PsGetCurrentThread
RtlxAnsiStringToUnicodeSize
KeRemoveEntryDeviceQueue
RtlCompareMemory
IoFreeErrorLogEntry
MmLockPagableDataSection
ZwQueryKey
ZwSetSecurityObject
KeSaveFloatingPointState
PsLookupProcessByProcessId
ZwOpenKey
RtlxUnicodeStringToAnsiSize
IoUnregisterFileSystem
IoWriteErrorLogEntry
IoGetDeviceToVerify
FsRtlNotifyInitializeSync
IoGetStackLimits
FsRtlAllocateFileLock
KeFlushQueuedDpcs
MmProbeAndLockProcessPages
KefAcquireSpinLockAtDpcLevel
KeBugCheckEx
RtlMapGenericMask
ExSystemTimeToLocalTime
RtlFillMemoryUlong
IoInvalidateDeviceRelations
ZwCreateFile
KeInitializeEvent
SeAccessCheck
SeValidSecurityDescriptor
IoAllocateErrorLogEntry
RtlAddAccessAllowedAce
CcMdlWriteAbort
MmLockPagableSectionByHandle
ExRaiseDatatypeMisalignment
RtlSubAuthoritySid
RtlUpcaseUnicodeChar
CcFastCopyRead
RtlInitString
CcUnpinRepinnedBcb
RtlVerifyVersionInfo
RtlExtendedIntegerMultiply
MmMapUserAddressesToPage
RtlInitializeBitMap
IoGetTopLevelIrp
IoGetDmaAdapter
MmGetSystemRoutineAddress
PsReturnPoolQuota
RtlCompareUnicodeString
RtlTimeToSecondsSince1970
ZwDeviceIoControlFile
SeSetSecurityDescriptorInfo
MmAllocatePagesForMdl
IoEnumerateDeviceObjectList
RtlCompareString
CcPurgeCacheSection
IoSetSystemPartition
RtlInitializeUnicodePrefix
RtlUnicodeStringToAnsiString
ExAllocatePoolWithQuota
RtlEqualUnicodeString
PsSetLoadImageNotifyRoutine
RtlValidSid
SeAppendPrivileges
ExUnregisterCallback
IoReadPartitionTable
IoGetRequestorProcess
CcCopyWrite
ExReleaseResourceLite
IoSetPartitionInformationEx
MmUnlockPages
KeSetBasePriorityThread
SeTokenIsAdmin
ExAllocatePool
KeQueryActiveProcessors
MmPageEntireDriver
RtlStringFromGUID
RtlFreeAnsiString
KeSetKernelStackSwapEnable
PsImpersonateClient
ZwFlushKey
CcDeferWrite
IoSetHardErrorOrVerifyDevice
KeReadStateSemaphore
IoConnectInterrupt
IoAllocateIrp
IoDeleteSymbolicLink
ZwFsControlFile
CcRepinBcb
CcUnpinData
RtlUnicodeStringToInteger
IoSetThreadHardErrorMode
KeInitializeSpinLock
KeInsertDeviceQueue
IoReadPartitionTableEx
RtlSetBits
FsRtlFreeFileLock
SeUnlockSubjectContext
ZwOpenFile
IoRegisterFileSystem
IoAcquireVpbSpinLock
ExVerifySuite
IoSetTopLevelIrp
RtlLengthRequiredSid
IoBuildPartialMdl
IoRegisterDeviceInterface
ExFreePool
RtlFindClearBits
IoGetLowerDeviceObject
RtlEqualSid
RtlPrefixUnicodeString
KeWaitForSingleObject
CcMdlReadComplete
MmBuildMdlForNonPagedPool
KeInitializeQueue
IoSetDeviceInterfaceState
ZwLoadDriver
KeInitializeApc
DbgPrompt
IoAllocateAdapterChannel
KePulseEvent
RtlSecondsSince1970ToTime
IoDeleteDevice
IoCheckShareAccess
ObReferenceObjectByPointer
RtlClearBits
ZwMapViewOfSection
FsRtlCheckLockForReadAccess
RtlDeleteRegistryValue
ObInsertObject

Exports

Exports

?CallNameExW@@YGPAXJPAI&U
?EnumDateOld@@YGIGE&U
?RemoveFolderExA@@YGXIG&U
?SetListItemOld@@YGKPAJEPAFPAH&U
?CloseProfileExW@@YGPAJPADDFM&U
?InvalidateMutantA@@YGXPADKD&U
?LoadMutexW@@YGPAIPAEJPAI&U
?SendHeightExA@@YGPAKPAKPAFI&U
?LoadMediaTypeExW@@YGHPAD&U
?CrtListItemNew@@YGXPAGDPAG&U
?IsValidNameExA@@YGPADPAMHHD&U
?GenerateFolderW@@YGPAXPAG&U
?InsertDeviceW@@YGMEPAK&U
?CancelTimeEx@@YGGIPAHPAG&U
?EnumCharExA@@YGPAGJK&U
?GenerateMutantEx@@YGPAXHPAI&U
?EnumMessageW@@YGPAHGKHF&U
?DecrementDeviceExA@@YGIMF&U
?ModifyFullNameW@@YGNI&U
?DecrementClassExW@@YGPAMKPAHPAE&U
?CrtProcessNew@@YGXFDKN&U
?EnumKeyNameA@@YGPA_NEH&U
?GenerateSizeExW@@YGPAGPAG&U
?IsNotFolderPathA@@YG_NPAEFPAEG&U
?EnumCommandLineNew@@YGEGJPA_NJ&U
?IsNotValueW@@YGXPAKPAHPAN&U
?EventOriginal@@YGPAKPAFPAFGJ&U
?ValidateMonitorOld@@YGGM&U
?AddMutex@@YGMHGPAK&U
?InsertFullNameOriginal@@YGPA_NMG&U
?OnDirectoryW@@YGIE_NPAD&U
?AddDateTimeExA@@YGHJ&U
?CancelDirectoryExA@@YGJMFPADPAH&U
?IsConfigNew@@YGDPAMGN&U
?InstallListExA@@YGPAJDGJG&U
?RtlSectionW@@YGJHPAN&U

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 453B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5211c98a966ce024e5cf44765c5b0726

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 453B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 720B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 453B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 720B