8efbd95c8f7e9e6de309fda654f4c49f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8efbd95c8f7e9e6de309fda654f4c49f_JaffaCakes118
Size

183KB
MD5

8efbd95c8f7e9e6de309fda654f4c49f
SHA1

754d6317ee9f1bd56f63c51d7af0dd14f36d8e7a
SHA256

37e010195c984ae6632d44401370ed8b2ce1966c819e5e2be1454d9c6d50d31c
SHA512

8f083569ef5a6b8cc7e98d3259573962be358484f2b8254bebc9277cb6b2e5d28e97012323145b89023207909e751b24bee843ad515aa72f97314bbd26f4bf7a
SSDEEP

3072:VjCwx7Js1J4//E+7mslheiHsI/U+owztYcegkZq9lz7VOfy+1iVyEdQlK5z:tqJ4nE+a6hgiU+dOgaq9lz7VdPyEdbt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8efbd95c8f7e9e6de309fda654f4c49f_JaffaCakes118

Files

8efbd95c8f7e9e6de309fda654f4c49f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

24717efa63eba0f39b3e8769a6c3d980

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\ucXawji\SNilfwiaaqb\kjMQumVMyonbvM.pdb

Imports

ntoskrnl.exe

RtlOemStringToUnicodeString
IoGetDeviceInterfaceAlias
KeReadStateMutex
IoCheckShareAccess
RtlUnicodeStringToInteger
ZwFsControlFile
PsRevertToSelf
RtlTimeFieldsToTime
RtlDeleteNoSplay
MmLockPagableSectionByHandle
IoQueryFileInformation
SePrivilegeCheck
CcPinRead
KeReleaseMutex
RtlEqualUnicodeString
KeRemoveDeviceQueue
RtlFindSetBits
KeQueryInterruptTime
IoReadPartitionTable
RtlRemoveUnicodePrefix
PsChargeProcessPoolQuota
RtlFindLongestRunClear
KeWaitForMultipleObjects
PoRegisterSystemState
CcSetFileSizes
ZwFreeVirtualMemory
RtlTimeToTimeFields
KeInsertDeviceQueue
FsRtlCheckLockForWriteAccess
IoFreeIrp
IoQueueWorkItem
KeSetKernelStackSwapEnable
RtlEqualString
KeDetachProcess
KdDisableDebugger
ZwSetSecurityObject
KeInsertByKeyDeviceQueue
CcUnpinData
RtlInitUnicodeString
ExVerifySuite
IoGetDiskDeviceObject
MmUnmapLockedPages
PoSetPowerState
IoInvalidateDeviceRelations
FsRtlIsDbcsInExpression
MmIsAddressValid
IoGetAttachedDevice
SeDeassignSecurity
DbgPrompt
IoGetDeviceAttachmentBaseRef
PsGetVersion
IofCallDriver
CcUninitializeCacheMap
RtlPrefixUnicodeString
RtlInsertUnicodePrefix
KeGetCurrentThread
MmGetSystemRoutineAddress
MmMapIoSpace
IoSetPartitionInformation
PsTerminateSystemThread
ExAcquireResourceSharedLite
ZwQueryVolumeInformationFile
RtlAnsiStringToUnicodeString
MmProbeAndLockProcessPages
ZwAllocateVirtualMemory
CcMdlWriteComplete
ZwEnumerateKey
CcRepinBcb
IoFreeErrorLogEntry
RtlVerifyVersionInfo
CcCopyRead
KeBugCheckEx
FsRtlIsNameInExpression
RtlInitString
ProbeForRead
MmAllocateNonCachedMemory
IoReuseIrp
RtlCreateUnicodeString
MmUnlockPagableImageSection
IoCreateDevice
RtlIntegerToUnicodeString
ExDeletePagedLookasideList
RtlLengthSecurityDescriptor
IoSetTopLevelIrp
IoWritePartitionTableEx
ZwDeleteValueKey
RtlCompareUnicodeString
RtlFindMostSignificantBit
IoGetRelatedDeviceObject
RtlFindClearBits
RtlInt64ToUnicodeString
RtlFreeUnicodeString
ExGetSharedWaiterCount
RtlSetBits
KefAcquireSpinLockAtDpcLevel
IoAllocateErrorLogEntry
ExUuidCreate
IoQueryFileDosDeviceName
PsGetCurrentProcess
KeClearEvent
IoDeviceObjectType
ZwPowerInformation
KeInitializeDeviceQueue
RtlNtStatusToDosError
RtlClearAllBits
PoUnregisterSystemState
FsRtlAllocateFileLock
PsLookupProcessByProcessId
PsImpersonateClient
ExRaiseAccessViolation
MmResetDriverPaging
IoCreateStreamFileObjectLite
CcPurgeCacheSection
IoDeleteDevice
KeInitializeTimerEx
SeQueryInformationToken
ZwSetValueKey
IoReleaseRemoveLockEx
CcFastMdlReadWait
SeFreePrivileges
ObOpenObjectByPointer
ExFreePoolWithTag
IoGetLowerDeviceObject
CcDeferWrite
ZwUnloadDriver
PsSetLoadImageNotifyRoutine
ObGetObjectSecurity
RtlUpperChar
ExFreePool
RtlEnumerateGenericTable
IoGetDmaAdapter
IoCreateNotificationEvent
ZwQueryKey
MmAllocateMappingAddress
SeCreateClientSecurity
KePulseEvent
ZwOpenSection
RtlAppendUnicodeToString
IoRaiseHardError
PsDereferencePrimaryToken
ZwCreateKey
ExCreateCallback
IoFreeMdl
CcFastCopyRead
RtlAreBitsClear
KeQuerySystemTime
RtlFreeOemString
FsRtlFastUnlockSingle
MmFreePagesFromMdl
MmMapLockedPagesSpecifyCache
PsGetThreadProcessId
IoIsWdmVersionAvailable
ZwCreateFile
KeInitializeSemaphore
KdEnableDebugger
ExAllocatePoolWithTag
IoGetDeviceInterfaces
DbgBreakPoint
RtlUpcaseUnicodeChar
CcUnpinRepinnedBcb
ZwOpenFile
IofCompleteRequest
IoCreateSynchronizationEvent
CcRemapBcb
KeRemoveQueue
KeRevertToUserAffinityThread
ExLocalTimeToSystemTime
FsRtlIsHpfsDbcsLegal
IoReadDiskSignature
RtlCreateAcl
PsGetCurrentThread
IoRequestDeviceEject
IoVerifyPartitionTable
IoDeleteController
RtlInitializeUnicodePrefix
SeSinglePrivilegeCheck
CcZeroData
RtlValidSecurityDescriptor
RtlGetCallersAddress
IoCheckQuotaBufferValidity
CcIsThereDirtyData
KeInitializeMutex
IoAllocateController
MmPageEntireDriver
KeSetTargetProcessorDpc
IoGetDeviceToVerify
CcPinMappedData
IoAcquireCancelSpinLock
RtlWriteRegistryValue
IoConnectInterrupt
ObfReferenceObject
SeAccessCheck
ObfDereferenceObject
KeBugCheck
IoAllocateIrp
KeSetSystemAffinityThread
ZwQueryValueKey
MmMapLockedPages
ZwNotifyChangeKey
RtlAddAccessAllowedAce
IoAllocateWorkItem
IoReadPartitionTableEx
IoGetCurrentProcess
ExAllocatePoolWithQuota
KeUnstackDetachProcess
RtlLengthRequiredSid
IoEnumerateDeviceObjectList
MmHighestUserAddress
IoSetShareAccess
KeQueryTimeIncrement
MmAddVerifierThunks
KeInitializeEvent
RtlUnicodeStringToOemString
IoStartPacket
RtlTimeToSecondsSince1980
RtlUpcaseUnicodeToOemN
IoRegisterFileSystem
FsRtlSplitLargeMcb
KeRestoreFloatingPointState
SeSetSecurityDescriptorInfo
CcInitializeCacheMap
MmUnsecureVirtualMemory
CcMdlWriteAbort
IoOpenDeviceRegistryKey
HalExamineMBR
ZwQueryObject
KeInitializeApc
RtlClearBits
KeInitializeDpc
MmBuildMdlForNonPagedPool
IoCancelIrp
ObReferenceObjectByPointer
PsCreateSystemThread
RtlRandom
RtlxOemStringToUnicodeSize
RtlCheckRegistryKey
KeSaveFloatingPointState
IoReleaseVpbSpinLock
FsRtlIsTotalDeviceFailure
MmFreeNonCachedMemory
IoGetDeviceProperty
IoDeleteSymbolicLink
CcFastCopyWrite
RtlQueryRegistryValues
RtlAreBitsSet
IoRegisterDeviceInterface
FsRtlDeregisterUncProvider
RtlFindClearBitsAndSet
FsRtlCheckLockForReadAccess
RtlInitAnsiString
KeInitializeQueue
ObReleaseObjectSecurity
IoCsqRemoveIrp
ExReleaseResourceLite
ZwLoadDriver

Exports

Exports

?ModifyStringA@@YGGPAFJPAFPAH@Z
?HideSizeNew@@YGPAXEG@Z
?ClosePenNew@@YGXF@Z
?CrtDateNew@@YGIKN@Z
?DecrementProvider@@YGFDPAI@Z
?DecrementRectExA@@YGMPADPAJI_N@Z
?PutRectA@@YGXDFH@Z
?ShowConfigExA@@YGGJI@Z
?SetWidthExW@@YGPAFPAMGPA_N@Z
?GlobalThreadOld@@YGNN@Z
?FormatMutexOld@@YGJPANDPANPAI@Z
?FreeOptionA@@YGIDN@Z
?GlobalValueOriginal@@YGPAFF@Z
?FindKeyboardExA@@YGPAJPAED@Z
?FindConfigExW@@YGXEPAMJ@Z
?AddNameW@@YGPAMGJPADPAJ@Z
?RtlVersion@@YGKHEGPA_N@Z
?IsValidWindowA@@YGX_NFI@Z
?SendDataW@@YGMPAHGD@Z
?LoadFunctionW@@YGXE@Z
?InvalidateValueA@@YGMKFPAJ@Z
?SendSizeExA@@YGHGI@Z
?GenerateHeader@@YGPANG@Z
?IncrementFileOld@@YGHPAGPAMPAIN@Z
?FormatPenExW@@YGDE@Z
?IsNotModuleOriginal@@YGXEJPAMH@Z
?GetMutexNew@@YGKPAM@Z
?PutNameExW@@YGFH_NPAHPAH@Z
?RemoveDataExA@@YGPAGEPAEID@Z
?InsertWindowW@@YGXI@Z
?PutAppName@@YGPAXFM@Z
?EnumKeyNameOld@@YGIPAI@Z
?GlobalMutexExA@@YGIPADI@Z
?InvalidateDateW@@YGMF@Z
?ValidateConfig@@YGPAFHJPAHPAI@Z
?EnumProviderNew@@YGDPAME@Z
?ValidateDirectoryExA@@YG_NIHM@Z

Sections

.text
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 403B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24717efa63eba0f39b3e8769a6c3d980

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 42KB

.i_data Size: 1024B - Virtual size: 1024B

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 403B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 700B

.text
Size: 28KB - Virtual size: 42KB

.i_data
Size: 1024B - Virtual size: 1024B

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 403B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 700B