8e15a34b281c120b1726371e5a5796a0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8e15a34b281c120b1726371e5a5796a0_JaffaCakes118
Size

159KB
MD5

8e15a34b281c120b1726371e5a5796a0
SHA1

15a48b1331f6eb9d36c8ef00d5a8824f01848bc9
SHA256

45f09befba24ee28598942f40026da8fae8079bbb03959822d7868fb27587015
SHA512

002aa1c9ceb595c98a3de3e386fee9357b84bb9edcd10f0a7ec4b1d509c26282304366423f8b7256f79dd3cb9eabce9d42b448388988279b290482cfd41790b7
SSDEEP

3072:cdnpPaoWVGv9ORtWDzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:cdpPaV+ORtGzwA0C2ckJ4f+iBRjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e15a34b281c120b1726371e5a5796a0_JaffaCakes118

Files

8e15a34b281c120b1726371e5a5796a0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3974af8e17d63539b8fdc8fc874edb0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\NUZqhtgXdghzGa\dugGputkr\XhIWfaueeP\sCdyBtfN\lxWjkvq.pdb

Imports

ntoskrnl.exe

KeInitializeEvent
CcZeroData
IoGetAttachedDeviceReference
IoGetRelatedDeviceObject
IoSetStartIoAttributes
KeSetKernelStackSwapEnable
ZwSetVolumeInformationFile
RtlFindLeastSignificantBit
SeTokenIsAdmin
KeSaveFloatingPointState
ZwOpenFile
MmFreePagesFromMdl
IoDeleteSymbolicLink
IoAllocateAdapterChannel
RtlInsertUnicodePrefix
ZwCreateDirectoryObject
RtlClearAllBits
ZwQueryInformationFile
FsRtlFastCheckLockForRead
VerSetConditionMask
IoQueryFileInformation
SeUnlockSubjectContext
RtlMapGenericMask
MmSecureVirtualMemory
ExLocalTimeToSystemTime
IoDeleteDevice
IoGetDeviceObjectPointer
RtlCreateAcl
RtlDeleteRegistryValue
PsGetCurrentThreadId
IoWMIWriteEvent
KdEnableDebugger
MmIsThisAnNtAsSystem
KeCancelTimer
CcInitializeCacheMap
RtlSecondsSince1980ToTime
MmGetPhysicalAddress
RtlClearBits
RtlCopyString
MmUnmapReservedMapping
ZwOpenKey
IoReleaseCancelSpinLock
MmAddVerifierThunks
RtlInitializeSid
RtlGUIDFromString
MmCanFileBeTruncated
RtlRandom
IoInitializeIrp
CcMapData
IoAllocateWorkItem
IoGetDeviceInterfaceAlias
ZwMapViewOfSection
RtlUpcaseUnicodeToOemN
ZwDeleteKey
MmFreeContiguousMemory
RtlDowncaseUnicodeString
PoSetSystemState
KeLeaveCriticalRegion
IoQueueWorkItem
SeAssignSecurity
RtlFindSetBits
KeSetTimerEx
RtlFreeAnsiString
RtlQueryRegistryValues
RtlLengthSid
ZwEnumerateKey
RtlSetDaclSecurityDescriptor
CcFastCopyRead
KeRemoveEntryDeviceQueue
ZwNotifyChangeKey
FsRtlIsHpfsDbcsLegal
RtlInitializeGenericTable
RtlFindNextForwardRunClear
IoWriteErrorLogEntry
ObReferenceObjectByPointer
RtlTimeToTimeFields
RtlInitializeBitMap
KeFlushQueuedDpcs
CcDeferWrite
PoSetPowerState
MmMapLockedPages
ZwAllocateVirtualMemory
IoWritePartitionTableEx
SePrivilegeCheck
IoStartNextPacket
RtlCompareString
FsRtlAllocateFileLock
RtlEqualString
PsImpersonateClient
ZwReadFile
KeInsertDeviceQueue
KeRegisterBugCheckCallback
MmProbeAndLockPages
RtlValidSecurityDescriptor
KeReleaseSemaphore
ExAcquireResourceSharedLite
IofCompleteRequest
IoCsqRemoveIrp
RtlHashUnicodeString
RtlCompareUnicodeString
KeSetBasePriorityThread
IoCreateDisk
SeTokenIsRestricted
RtlGetCallersAddress
MmMapUserAddressesToPage
ObGetObjectSecurity
IoSetPartitionInformationEx
IoOpenDeviceRegistryKey
ExRaiseDatatypeMisalignment
CcPurgeCacheSection
ExFreePoolWithTag
PsDereferencePrimaryToken
IoReleaseRemoveLockAndWaitEx
FsRtlNotifyInitializeSync
KeQueryInterruptTime
MmIsAddressValid
IoDisconnectInterrupt
PsRevertToSelf
FsRtlIsDbcsInExpression
ExReleaseFastMutexUnsafe
RtlAddAccessAllowedAce
KeRemoveQueueDpc
KeInitializeMutex
IoAllocateController
ObQueryNameString
ObReleaseObjectSecurity
KeDelayExecutionThread
CcPinMappedData
IoFreeController
KeBugCheckEx
RtlAddAccessAllowedAceEx
IoSetThreadHardErrorMode
IoRegisterDeviceInterface
MmUnlockPages
SeAccessCheck
FsRtlDeregisterUncProvider
ExRaiseAccessViolation
RtlTimeToSecondsSince1970
RtlInitAnsiString
IoConnectInterrupt
IoCreateStreamFileObjectLite
SeQueryInformationToken
KePulseEvent
CcUninitializeCacheMap
ProbeForRead
ZwOpenSection
RtlSecondsSince1970ToTime
ExUnregisterCallback
FsRtlCheckLockForReadAccess
ExAllocatePoolWithQuota
KeSetSystemAffinityThread
SeCreateClientSecurity
FsRtlIsFatDbcsLegal
KeSetImportanceDpc
IoGetCurrentProcess
IoSetDeviceToVerify
MmFreeMappingAddress
ExAllocatePoolWithTag
MmFlushImageSection
RtlUnicodeToMultiByteN
KeReleaseMutex
PoStartNextPowerIrp
RtlDelete
FsRtlFastUnlockSingle
IoWMIRegistrationControl
SeFilterToken
RtlInitializeUnicodePrefix
RtlIntegerToUnicodeString
SeValidSecurityDescriptor
ZwLoadDriver
FsRtlCheckLockForWriteAccess
IoAllocateIrp
IoAcquireCancelSpinLock
RtlSetAllBits
CcCopyRead
FsRtlNotifyUninitializeSync
KeStackAttachProcess
CcUnpinDataForThread
CcGetFileObjectFromBcb
PsGetCurrentThread
SeSinglePrivilegeCheck
IoQueryFileDosDeviceName
KeAttachProcess
ExFreePool
RtlInitString
FsRtlCheckOplock
CcSetFileSizes
RtlFindUnicodePrefix
PsCreateSystemThread
ObMakeTemporaryObject
RtlFreeOemString
IoMakeAssociatedIrp
KeReadStateMutex
ZwCreateSection
MmMapIoSpace
KeInitializeSpinLock
RtlOemStringToUnicodeString
RtlxOemStringToUnicodeSize
CcSetDirtyPinnedData
SeFreePrivileges
RtlDeleteNoSplay
IoCreateSynchronizationEvent
KeQueryTimeIncrement
RtlRemoveUnicodePrefix
IoInvalidateDeviceState
MmMapLockedPagesSpecifyCache
RtlUnicodeToOemN
KeWaitForMultipleObjects
RtlExtendedIntegerMultiply
IoGetDeviceInterfaces
ExNotifyCallback
IoReadPartitionTableEx
RtlAnsiCharToUnicodeChar
RtlFindMostSignificantBit
ExSystemTimeToLocalTime
IoReuseIrp
RtlEqualSid
PsLookupProcessByProcessId
SeImpersonateClientEx
IoBuildPartialMdl
MmGetSystemRoutineAddress
MmPageEntireDriver
RtlUpcaseUnicodeString
RtlAppendUnicodeToString
ZwCreateFile
IoCreateNotificationEvent
RtlWriteRegistryValue
MmResetDriverPaging
ExSetResourceOwnerPointer
PoUnregisterSystemState
ZwUnloadDriver
RtlVolumeDeviceToDosName
PsChargeProcessPoolQuota
IoGetDriverObjectExtension
RtlFindClearRuns
RtlGetNextRange
IoGetRequestorProcess
ZwFlushKey
MmAllocateMappingAddress
ZwCreateEvent
IoVerifyPartitionTable
IoCreateSymbolicLink
CcPinRead
IoIsSystemThread
FsRtlGetNextFileLock
MmIsDriverVerifying
CcFastCopyWrite
RtlUnicodeStringToOemString
ExAllocatePool
RtlLengthSecurityDescriptor
RtlFindLongestRunClear
KeInitializeQueue
PoRegisterSystemState
ExVerifySuite
PsReturnPoolQuota
ExGetPreviousMode
IoCheckQuotaBufferValidity
IoBuildSynchronousFsdRequest
SeCaptureSubjectContext
ZwFreeVirtualMemory
MmSetAddressRangeModified
PoRequestPowerIrp

Exports

Exports

?RemovePointOld@@YGKFK_NH~U
?FormatMemoryEx@@YGM_N~U
?PutDialogExA@@YGFPAF~U
?GetThreadA@@YGIE~U
?GlobalMemoryExA@@YGMFMGPAM~U
?IsValidFolderPathEx@@YGPAIEGF~U
?DeleteFolderOld@@YGDENEM~U
?KillOptionExA@@YGKPAIPADPAI~U
?CallFolder@@YGPADE~U
?InsertFunctionExW@@YGPAJJPAM~U
?IsNotProfileW@@YGPAHE~U
?PutMonitorW@@YGXIPAMK~U
?CancelListNew@@YGXDPAEGE~U
?OnKeyboardEx@@YG_NPAJKFK~U
?GetSystemEx@@YGJMFII~U
?InsertPointerA@@YGNIEE~U
?SendVersionA@@YGNIK~U
?CloseCharOriginal@@YGPAGPAM~U
?CrtDialogExW@@YGKJ~U
?CloseFolderOld@@YGXH~U
?FreeDateTimeExA@@YGGKH~U
?IsNotSemaphoreOld@@YGII~U
?OnPointExA@@YGPAFI~U
?IsDirectoryA@@YGPAFPAD_NNPAH~U
?FormatComponent@@YGXDFNPAJ~U
?ScreenW@@YGPAKN~U
?SectionOld@@YGPAJPAJPAJN~U
?CopyScreenExA@@YGIGHK~U
?EnumValueA@@YGPAMPAKPAH~U
?RtlSectionW@@YGPAXGPAG~U
?IsHeightA@@YGPANPADI~U
?CallDevice@@YGXPADH~U
?CloseSystemEx@@YGXPAE~U
?CallDataEx@@YGPAGPAF_NMPAG~U
?RtlNameNew@@YGIJ~U
?ConfigExA@@YGXPANPAJPAJ~U
?CloseClassW@@YGJPAJIPAFPAF~U
?AddKeyboardNew@@YGPAFEIPAG~U

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3974af8e17d63539b8fdc8fc874edb0b

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 470B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 696B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 470B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 696B