8dca3455f9c4ed480658e37e30dc6632_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8dca3455f9c4ed480658e37e30dc6632_JaffaCakes118
Size

159KB
MD5

8dca3455f9c4ed480658e37e30dc6632
SHA1

84cbc3474033b0d0ab4a828362598176836bccab
SHA256

660d2d3b501994e3462ed379aef0071ea6bc80d26a9e7971917a7b5366abd32f
SHA512

8a8f2f31495c5c843657f085bb4ca2510cde4d506b15d27ee2bdf69a1e01c3c1c6d08f117d1359ce145c523a0ef3ac42b27978adaaafc27acc0401633bac79b4
SSDEEP

3072:cdPgMbq8fk9ORtmDzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:cJ0ORtWzwA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8dca3455f9c4ed480658e37e30dc6632_JaffaCakes118

Files

8dca3455f9c4ed480658e37e30dc6632_JaffaCakes118
.dll windows:5 windows x86 arch:x86

857279e31e30809ba5b88c42bc417a22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\KbaxAigwzm\swijvyy\zadpkvtIsu.pdb

Imports

ntoskrnl.exe

PsDereferencePrimaryToken
ExRaiseAccessViolation
RtlCompareUnicodeString
PsGetCurrentThreadId
CcUnpinData
IoGetDeviceToVerify
IoVerifyPartitionTable
CcMapData
RtlUnicodeStringToOemString
IoFreeMdl
KeSetKernelStackSwapEnable
RtlInitUnicodeString
IoBuildSynchronousFsdRequest
RtlFindMostSignificantBit
RtlSecondsSince1980ToTime
IoGetDeviceObjectPointer
RtlInsertUnicodePrefix
MmIsVerifierEnabled
IoGetRequestorProcess
RtlCharToInteger
RtlAreBitsClear
IoVerifyVolume
ExSetTimerResolution
FsRtlIsDbcsInExpression
PoSetPowerState
ZwUnloadDriver
KeBugCheck
IoSetDeviceToVerify
RtlDelete
IoInitializeIrp
KeInitializeDpc
IoCreateDisk
ZwCreateSection
KeInitializeApc
PsTerminateSystemThread
RtlAddAccessAllowedAceEx
RtlValidSecurityDescriptor
IoReadDiskSignature
RtlInt64ToUnicodeString
MmProbeAndLockProcessPages
IoInvalidateDeviceState
RtlFindNextForwardRunClear
MmUnmapReservedMapping
ZwOpenSymbolicLinkObject
IoAllocateIrp
MmUnsecureVirtualMemory
IofCallDriver
PsGetCurrentThread
RtlGenerate8dot3Name
RtlClearAllBits
IoIsWdmVersionAvailable
KeInitializeSemaphore
RtlOemToUnicodeN
RtlFindClearBitsAndSet
RtlAddAccessAllowedAce
CcFastCopyRead
KeInitializeTimerEx
KeRemoveDeviceQueue
CcUnpinDataForThread
ZwQueryObject
RtlFreeAnsiString
RtlFindClearRuns
MmForceSectionClosed
RtlCreateAcl
ZwWriteFile
MmAllocateContiguousMemory
MmHighestUserAddress
KeSetSystemAffinityThread
IoSetHardErrorOrVerifyDevice
RtlSecondsSince1970ToTime
ZwQueryVolumeInformationFile
FsRtlSplitLargeMcb
RtlDeleteElementGenericTable
CcCopyWrite
IoCheckEaBufferValidity
IoWritePartitionTableEx
IoCheckShareAccess
ExAllocatePoolWithQuota
CcRepinBcb
RtlStringFromGUID
IoDeviceObjectType
RtlUpperChar
RtlInitAnsiString
ExGetExclusiveWaiterCount
ZwCreateEvent
KeInsertByKeyDeviceQueue
KeWaitForMultipleObjects
IoThreadToProcess
MmSizeOfMdl
CcPinRead
RtlDeleteRegistryValue
FsRtlDeregisterUncProvider
IoStartNextPacket
IoIsOperationSynchronous
ZwOpenKey
IoSetPartitionInformation
IoReleaseVpbSpinLock
MmPageEntireDriver
FsRtlFastCheckLockForRead
ExReinitializeResourceLite
RtlUpcaseUnicodeChar
ZwAllocateVirtualMemory
ZwEnumerateValueKey
KeRevertToUserAffinityThread
RtlCreateSecurityDescriptor
IoQueryFileInformation
SeFilterToken
RtlPrefixUnicodeString
IoSetShareAccess
CcRemapBcb
ZwNotifyChangeKey
RtlCheckRegistryKey
KeBugCheckEx
ZwQueryInformationFile
RtlUpcaseUnicodeString
DbgBreakPointWithStatus
RtlLengthSid
ExAllocatePoolWithTag
RtlCopyLuid
KeSaveFloatingPointState
RtlTimeToSecondsSince1980
KeRemoveQueue
ExSetResourceOwnerPointer
PsReferencePrimaryToken
RtlVolumeDeviceToDosName
ObReleaseObjectSecurity
MmGetSystemRoutineAddress
KeDeregisterBugCheckCallback
IoGetDeviceProperty
WmiQueryTraceInformation
PsGetProcessId
IoInitializeRemoveLockEx
RtlQueryRegistryValues
MmGetPhysicalAddress
ExGetPreviousMode
IoRegisterDeviceInterface
SeTokenIsAdmin
IoCreateStreamFileObjectLite
PsIsThreadTerminating
SeQueryInformationToken
ZwPowerInformation
SeCreateClientSecurity
MmIsAddressValid
ExReleaseResourceLite
RtlxOemStringToUnicodeSize
ZwOpenProcess
ExNotifyCallback
CcMdlRead
KeSetTimer
FsRtlIsFatDbcsLegal
ZwCreateFile
MmAllocateMappingAddress
IoCreateDevice
IoGetDeviceAttachmentBaseRef
MmBuildMdlForNonPagedPool
ExVerifySuite
SeAccessCheck
SeAssignSecurity
IoReleaseCancelSpinLock
RtlxAnsiStringToUnicodeSize
ExFreePoolWithTag
KeQueryActiveProcessors
CcZeroData
CcUninitializeCacheMap
RtlInitializeUnicodePrefix
FsRtlCheckOplock
MmMapLockedPages
SeAppendPrivileges
ZwFreeVirtualMemory
IoSetThreadHardErrorMode
RtlFindSetBits
RtlFillMemoryUlong
PoRequestPowerIrp
ExAllocatePoolWithQuotaTag
MmProbeAndLockPages
RtlExtendedIntegerMultiply
MmLockPagableDataSection
RtlEqualString
KeInsertQueue
RtlFreeOemString
ExInitializeResourceLite
IoCancelIrp
RtlxUnicodeStringToAnsiSize
KeDelayExecutionThread
KeQuerySystemTime
KdEnableDebugger
RtlCreateRegistryKey
RtlUnicodeToOemN
DbgBreakPoint
KeReleaseSemaphore
MmLockPagableSectionByHandle
RtlAnsiStringToUnicodeString
IoIsSystemThread
PsGetVersion
DbgPrompt
ObCreateObject
PoSetSystemState
RtlValidSid
ZwDeleteKey
KeUnstackDetachProcess
PsGetProcessExitTime
KdDisableDebugger
ExIsProcessorFeaturePresent
FsRtlFreeFileLock
RtlSubAuthoritySid
IoGetCurrentProcess
CcMdlWriteAbort
RtlClearBits
CcSetReadAheadGranularity
IoReleaseRemoveLockAndWaitEx
PsGetCurrentProcessId
KeClearEvent
SeTokenIsRestricted
IoFreeErrorLogEntry
MmIsDriverVerifying
KeInitializeTimer
KeInsertDeviceQueue
KeRestoreFloatingPointState
RtlLengthRequiredSid
IoRemoveShareAccess
ObReferenceObjectByHandle
KeRundownQueue
ExDeleteResourceLite
CcFastCopyWrite
PoStartNextPowerIrp
FsRtlCheckLockForWriteAccess
CcFlushCache
PsChargeProcessPoolQuota
RtlGetNextRange
IoAcquireVpbSpinLock
IoRaiseHardError
IoCreateStreamFileObject
IoVolumeDeviceToDosName
IoDeleteController
ExCreateCallback
SeImpersonateClientEx
RtlCopySid
IoFreeWorkItem
IoInitializeTimer
RtlTimeToTimeFields
MmAllocatePagesForMdl
KeWaitForSingleObject
RtlTimeFieldsToTime
MmCanFileBeTruncated
IoReuseIrp
ZwClose
SeDeassignSecurity
KeInsertHeadQueue
ZwCreateDirectoryObject
IoFreeController
KeCancelTimer
RtlCompareMemory
MmSetAddressRangeModified
ZwEnumerateKey
KeReleaseMutex
SeSetSecurityDescriptorInfo
CcUnpinRepinnedBcb
IoFreeIrp
FsRtlIsHpfsDbcsLegal
KeSetEvent

Exports

Exports

?GenerateFolder@@YGPAFPAFPAKI~U
?CancelKeyNameNew@@YGXE_N~U
?CrtProjectEx@@YGX_NEJI~U
?HideState@@YGENFPAE~U
?GlobalExpressionOld@@YGMKPAG~U
?CallDialogEx@@YGIMNI~U
?FormatListItemEx@@YGMIH~U
?GetMediaTypeOld@@YGNFPAM~U
?CopyMutexExA@@YGJPAHFPAI~U
?CopyKeyboardA@@YGNKEFPAH~U
?SendDialogOriginal@@YGEJE~U
?FreeCharEx@@YGMGFD~U
?ModifyPointer@@YGENPAFN~U
?CrtFullNameExA@@YGPAXDHH~U
?SendDateTimeEx@@YGX_N~U
?GetHeaderEx@@YGKPAJPAEM~U
?CallPointerEx@@YGNMPAEE~U
?FindMutantEx@@YGKGK~U
?CloseFolderPathExW@@YG_NPAJIPADPAK~U
?IsDateTimeOld@@YGXK~U
?InvalidatePointOriginal@@YGFPAHD~U
?AddPenOriginal@@YGGFPAME~U
?SendChar@@YGPAGKM~U
?WindowOriginal@@YGPA_NPADJ~U
?SetStringW@@YGIMEPAF~U
?IsNotFullName@@YGMPAJJPAE~U
?SetVersionW@@YGJ_NPAD~U
?SetListItemW@@YGIHPAMPAD~U
?OnProcessW@@YGGHPAG~U
?SetClassNew@@YGJPAFG~U
?KillObjectExW@@YGPAJMH~U
?MutexA@@YGGIKPAIPAE~U
?ValidateScreenOld@@YGPAXF~U
?PutMutexOld@@YGHG~U
?CancelProfileExW@@YGGPAKG~U
?LoadNameExA@@YGPAJKD~U
?PutWindowExA@@YGMPAI~U

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 643B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

857279e31e30809ba5b88c42bc417a22

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 643B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 660B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 643B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 660B