9523aac4828bbb8f27e3b04657e298dd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9523aac4828bbb8f27e3b04657e298dd_JaffaCakes118
Size

81KB
MD5

9523aac4828bbb8f27e3b04657e298dd
SHA1

72a51741db40de22d4fc571ae6b90a543dcc2b9f
SHA256

f8325d9cedcaa42b4cd5eb934d0701a0e353d70e6bd35f547152f171697ea85f
SHA512

5f27f7dcf6c1a8afde36319737fcce96127601c58c4292e38e6755d2e41ef1410e2f0fbf5b54c58794a8327dfa1258a68beeaa32c726fe303027b9a598feb48f
SSDEEP

768://7wYgBR7VJLgnR6PH9PihpSM/XX3Mi2eYPkJ7lL6ccbXPcDnjLjIJHn:37uz7VbHupSW3SkJ7lWFDMI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9523aac4828bbb8f27e3b04657e298dd_JaffaCakes118

Files

9523aac4828bbb8f27e3b04657e298dd_JaffaCakes118
.dll windows:5 windows x86 arch:x86

28e3f6471796413512bf7381080f6362

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\kMotMxrS\dUkyziTvjcfnD\eSpcviyNleYGng\ieffePvxzXz.pdb

Imports

ntoskrnl.exe

IoRequestDeviceEject
RtlUnicodeToOemN
KeInsertHeadQueue
ExGetPreviousMode
RtlInitializeUnicodePrefix
RtlCreateUnicodeString
RtlAddAccessAllowedAceEx
RtlRemoveUnicodePrefix
FsRtlMdlWriteCompleteDev
KeResetEvent
KeClearEvent
IoSetThreadHardErrorMode
SeAccessCheck
RtlRandom
IoStartTimer
KeInitializeEvent
ExRaiseDatatypeMisalignment
RtlUnicodeToMultiByteN
KeSetBasePriorityThread
RtlSecondsSince1980ToTime
RtlOemStringToUnicodeString
KeDelayExecutionThread
PoSetPowerState
RtlFindLongestRunClear
KeSetTargetProcessorDpc
MmFreeNonCachedMemory
RtlAnsiStringToUnicodeString
MmAllocateNonCachedMemory
IoCreateSymbolicLink
RtlMultiByteToUnicodeN
RtlFreeAnsiString
IoStopTimer
KeCancelTimer
RtlSubAuthoritySid
RtlUpperChar
IoBuildSynchronousFsdRequest
RtlQueryRegistryValues
IoSetDeviceInterfaceState
PsGetVersion
FsRtlIsTotalDeviceFailure
CcIsThereDirtyData
RtlCopySid
CcFastCopyRead
RtlFindUnicodePrefix
ZwOpenSection
CcDeferWrite
ExVerifySuite
MmSecureVirtualMemory
KeInsertQueue
IoInitializeTimer
ZwQuerySymbolicLinkObject
RtlValidSecurityDescriptor
IoAllocateIrp
KeRegisterBugCheckCallback
PoStartNextPowerIrp
KeSetEvent
IoRegisterDeviceInterface
RtlSetBits
KeRemoveQueueDpc
ExRaiseStatus
ExReleaseResourceLite
ExAllocatePoolWithTag
SeTokenIsRestricted
IoCheckQuotaBufferValidity
ExDeleteNPagedLookasideList
FsRtlCheckOplock
ZwCreateKey
IoUpdateShareAccess
IoConnectInterrupt
KeRestoreFloatingPointState
RtlAppendStringToString
KeInitializeTimer
KeInitializeMutex
KeSaveFloatingPointState
MmMapIoSpace
IoQueueWorkItem
IoGetStackLimits
ProbeForWrite
KeInsertByKeyDeviceQueue
ZwQueryKey
CcSetBcbOwnerPointer
PoRequestPowerIrp
IoWMIRegistrationControl
KeInitializeApc
RtlFindNextForwardRunClear
PoSetSystemState
IoInvalidateDeviceState
ExFreePool
KeQueryActiveProcessors
PsGetCurrentProcessId
RtlxUnicodeStringToAnsiSize
KeQueryInterruptTime
RtlEqualUnicodeString
PsSetLoadImageNotifyRoutine
IoGetDmaAdapter
KeInitializeSpinLock
MmUnlockPagableImageSection
RtlInitAnsiString
RtlTimeToSecondsSince1980
IoSetHardErrorOrVerifyDevice
RtlCreateRegistryKey
ObReferenceObjectByHandle
ZwFsControlFile
MmSizeOfMdl
IoAcquireCancelSpinLock
MmGetSystemRoutineAddress
FsRtlIsFatDbcsLegal
RtlUnicodeStringToAnsiString
KeRemoveQueue
ZwQueryVolumeInformationFile
RtlNumberOfClearBits
KeBugCheck
MmResetDriverPaging
ExNotifyCallback
RtlUnicodeStringToInteger
MmQuerySystemSize
FsRtlGetNextFileLock
SeOpenObjectAuditAlarm
RtlFindSetBits
FsRtlNotifyUninitializeSync
MmForceSectionClosed
ZwDeleteKey
IoDetachDevice
KeLeaveCriticalRegion
IoOpenDeviceRegistryKey
IoGetAttachedDevice
MmBuildMdlForNonPagedPool
IoGetAttachedDeviceReference
RtlLengthRequiredSid
RtlSecondsSince1970ToTime
KdDisableDebugger
RtlInitString
FsRtlNotifyInitializeSync
RtlCopyLuid
SeValidSecurityDescriptor
SeTokenIsAdmin
IoDisconnectInterrupt
SeSinglePrivilegeCheck
MmLockPagableSectionByHandle
KeQuerySystemTime
RtlTimeToTimeFields
RtlClearBits
KeStackAttachProcess
KeWaitForMultipleObjects
RtlTimeToSecondsSince1970
RtlInitializeBitMap
IoIsSystemThread
IoGetRelatedDeviceObject
ExFreePoolWithTag
IoCreateDevice
SeImpersonateClientEx
IoAllocateErrorLogEntry
ExAcquireFastMutexUnsafe
IoStartNextPacket
IoFreeWorkItem
CcCopyRead
RtlUpcaseUnicodeToOemN
CcZeroData
KeSetImportanceDpc
ZwDeviceIoControlFile
IoGetDeviceProperty
KeReleaseMutex
ZwQueryInformationFile
ZwOpenFile
KeInitializeSemaphore
ExUuidCreate
IoDeviceObjectType
SeCreateClientSecurity
KeReadStateSemaphore
RtlValidSid
ZwDeleteValueKey
KeReleaseSemaphore
ExAllocatePoolWithQuotaTag
RtlUpperString
MmProbeAndLockPages
RtlInsertUnicodePrefix
MmUnmapIoSpace
IoCancelIrp
FsRtlIsNameInExpression
PoUnregisterSystemState
CcCopyWrite
ZwFreeVirtualMemory
ZwQueryObject
PsIsThreadTerminating
IoCreateNotificationEvent
IoCreateStreamFileObjectLite
RtlMapGenericMask
ZwCreateDirectoryObject
ZwReadFile
ExAcquireResourceSharedLite
CcPreparePinWrite
KeInitializeDpc
IoDeleteDevice
KeSetTimerEx
KeRemoveDeviceQueue
RtlFindClearRuns
CcRemapBcb
RtlDowncaseUnicodeString
MmUnmapLockedPages
IoMakeAssociatedIrp
ProbeForRead
MmIsAddressValid
IoFreeController
IoGetBootDiskInformation
MmCanFileBeTruncated
RtlStringFromGUID
ExLocalTimeToSystemTime
RtlCompareUnicodeString
MmMapLockedPagesSpecifyCache
CcUnpinDataForThread
MmAllocateContiguousMemory
FsRtlLookupLastLargeMcbEntry
IoAttachDeviceToDeviceStack
ExRaiseAccessViolation
ZwEnumerateKey
RtlAppendUnicodeToString
IoCheckShareAccess
RtlAnsiCharToUnicodeChar
ExIsProcessorFeaturePresent
IoInvalidateDeviceRelations
KeUnstackDetachProcess
PsCreateSystemThread
KeGetCurrentThread
FsRtlIsDbcsInExpression
RtlFindMostSignificantBit
ZwOpenProcess
PoCallDriver
ExGetExclusiveWaiterCount
RtlCreateSecurityDescriptor
RtlFindClearBitsAndSet
IoAllocateMdl
PsDereferencePrimaryToken
KeQueryTimeIncrement
MmGetPhysicalAddress
RtlFindLastBackwardRunClear
ExSystemTimeToLocalTime
KeInitializeTimerEx
IoRemoveShareAccess
RtlCompareString
IoSetSystemPartition
KeFlushQueuedDpcs
KeInitializeDeviceQueue
RtlCharToInteger
ExCreateCallback
MmFreePagesFromMdl
PoRegisterSystemState
KeInsertQueueDpc
KeSetTimer
IoIsWdmVersionAvailable
RtlVerifyVersionInfo
RtlFillMemoryUlong
ZwMakeTemporaryObject
RtlGetVersion
SeQueryInformationToken
KePulseEvent
RtlWriteRegistryValue
KeRundownQueue

Sections

.text
Size: 34KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_txt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_txt
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele3
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tele2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tele4
Size: 1024B - Virtual size: 521B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28e3f6471796413512bf7381080f6362

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 34KB - Virtual size: 37KB

.i_txt Size: 1KB - Virtual size: 1KB

.e_txt Size: 512B - Virtual size: 512B

.tele3 Size: 512B - Virtual size: 28B

.tele1 Size: 512B - Virtual size: 44B

.tele2 Size: 512B - Virtual size: 44B

.tele4 Size: 1024B - Virtual size: 521B

.data Size: 25KB - Virtual size: 55KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 1024B - Virtual size: 636B

.text
Size: 34KB - Virtual size: 37KB

.i_txt
Size: 1KB - Virtual size: 1KB

.e_txt
Size: 512B - Virtual size: 512B

.tele3
Size: 512B - Virtual size: 28B

.tele1
Size: 512B - Virtual size: 44B

.tele2
Size: 512B - Virtual size: 44B

.tele4
Size: 1024B - Virtual size: 521B

.data
Size: 25KB - Virtual size: 55KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 1024B - Virtual size: 636B