a4f3848c5da6c416df70933630a00104_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4f3848c5da6c416df70933630a00104_JaffaCakes118
Size

183KB
MD5

a4f3848c5da6c416df70933630a00104
SHA1

0dd40c0b7c54a3a4b05b3a47de58930d399a9102
SHA256

ff102eb0c86a94a1b26b00c3e0cdcc35630e0d0ccc0242dc6aac1681a7eca4f1
SHA512

9bd43cad4721c18c50c2ed5d6470c5703eb338892574116130402a26c23dabd20dbbe54f2e0444622f0f0e5a60a8c47848e5c173a1992442703126cf0348bc8d
SSDEEP

3072:2R9lIK5Y6GhlyhTuYE37eiHsI/U+owztYcegkZq9lz7VOfy+1iVyEdQlK5z:2oT2GrgiU+dOgaq9lz7VdPyEdbt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4f3848c5da6c416df70933630a00104_JaffaCakes118

Files

a4f3848c5da6c416df70933630a00104_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2ce46b108c71c3e2cfa0f33f2884e8af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

T:\wftlqlpjv\PsyeogcthhG\plonsFrvr\ynjfrgrXnnWVZ.pdb

Imports

ntoskrnl.exe

FsRtlIsTotalDeviceFailure
IoGetStackLimits
IoGetRequestorProcessId
RtlFindLeastSignificantBit
PoRequestPowerIrp
RtlDelete
ExRaiseStatus
DbgPrompt
PsIsThreadTerminating
KePulseEvent
KeInitializeDeviceQueue
RtlValidSecurityDescriptor
IoSetThreadHardErrorMode
IoReadPartitionTableEx
RtlFindMostSignificantBit
IoGetDeviceAttachmentBaseRef
CcRepinBcb
ZwDeleteKey
RtlInitializeBitMap
IoAcquireCancelSpinLock
RtlLengthRequiredSid
ZwQueryInformationFile
IoBuildSynchronousFsdRequest
ExFreePool
ZwFreeVirtualMemory
RtlStringFromGUID
ObOpenObjectByPointer
RtlDeleteRegistryValue
CcSetReadAheadGranularity
RtlInitUnicodeString
RtlUnicodeToMultiByteN
KeInsertHeadQueue
IoStartPacket
RtlLengthSecurityDescriptor
SePrivilegeCheck
KeInitializeSemaphore
ExIsProcessorFeaturePresent
IoCreateDevice
KeInitializeQueue
IoSetSystemPartition
MmUnmapLockedPages
KeReadStateEvent
MmUnlockPages
KdEnableDebugger
KeInitializeSpinLock
ZwOpenSection
KeRemoveDeviceQueue
RtlInitializeUnicodePrefix
RtlInitAnsiString
MmSizeOfMdl
MmGetSystemRoutineAddress
RtlFindUnicodePrefix
RtlClearAllBits
IoAcquireVpbSpinLock
KeRundownQueue
RtlVolumeDeviceToDosName
CcCopyWrite
RtlOemToUnicodeN
PsGetProcessId
ExQueueWorkItem
SeDeassignSecurity
FsRtlNotifyUninitializeSync
IoIsOperationSynchronous
FsRtlCheckLockForReadAccess
CcCopyRead
KeLeaveCriticalRegion
HalExamineMBR
ObReleaseObjectSecurity
RtlLengthSid
IoWriteErrorLogEntry
ZwCreateKey
CcUnpinDataForThread
ZwLoadDriver
PsImpersonateClient
ZwQueryObject
IoAcquireRemoveLockEx
RtlAnsiStringToUnicodeString
MmIsVerifierEnabled
MmGetPhysicalAddress
IoRequestDeviceEject
KeReadStateTimer
RtlEqualUnicodeString
IoRegisterDeviceInterface
KeInitializeTimerEx
WmiQueryTraceInformation
CcZeroData
ExCreateCallback
SeDeleteObjectAuditAlarm
KeWaitForSingleObject
ExSetTimerResolution
ExRaiseDatatypeMisalignment
SeReleaseSubjectContext
RtlDeleteElementGenericTable
RtlInitializeSid
MmPageEntireDriver
RtlCreateUnicodeString
KeAttachProcess
PoSetSystemState
RtlFindLongestRunClear
KeSetBasePriorityThread
IoSetPartitionInformation
IoDeleteDevice
RtlVerifyVersionInfo
IoWritePartitionTableEx
RtlAreBitsSet
IoCreateNotificationEvent
RtlExtendedIntegerMultiply
IoCreateSynchronizationEvent
SeAccessCheck
RtlCompareMemory
IoAllocateWorkItem
RtlGenerate8dot3Name
IoOpenDeviceRegistryKey
PoCallDriver
KeUnstackDetachProcess
FsRtlSplitLargeMcb
IoCheckQuotaBufferValidity
KeRemoveQueueDpc
IoInitializeTimer
ExSystemTimeToLocalTime
IoStopTimer
KeFlushQueuedDpcs
RtlOemStringToUnicodeString
ExAcquireResourceSharedLite
IoIsWdmVersionAvailable
PsDereferencePrimaryToken
MmAllocatePagesForMdl
RtlEnumerateGenericTable
IoWMIWriteEvent
RtlCopySid
KeGetCurrentThread
FsRtlFreeFileLock
IoQueueWorkItem
ObfDereferenceObject
FsRtlGetNextFileLock
FsRtlNotifyInitializeSync
MmProbeAndLockPages
CcSetDirtyPinnedData
ZwWriteFile
IoQueryFileDosDeviceName
ObReferenceObjectByHandle
ZwDeleteValueKey
CcPinMappedData
IoSetDeviceInterfaceState
PsGetProcessExitTime
SeQueryInformationToken
FsRtlCheckLockForWriteAccess
ExAllocatePool
IoDisconnectInterrupt
ObfReferenceObject
IoSetShareAccess
ProbeForWrite
MmUnsecureVirtualMemory
IoGetTopLevelIrp
ExDeletePagedLookasideList
ExGetSharedWaiterCount
RtlCompareUnicodeString
KeSetImportanceDpc
RtlCopyUnicodeString
CcMdlWriteComplete
PsRevertToSelf
ZwEnumerateValueKey
RtlNtStatusToDosError
IoAllocateErrorLogEntry
IoReportResourceForDetection
ObGetObjectSecurity
MmLockPagableDataSection
RtlAppendUnicodeToString
RtlxAnsiStringToUnicodeSize
SeAppendPrivileges
MmIsDriverVerifying
PoUnregisterSystemState
MmMapLockedPages
KeDeregisterBugCheckCallback
MmFreeNonCachedMemory
RtlCharToInteger
IoSetStartIoAttributes
RtlIntegerToUnicodeString
KeDelayExecutionThread
ExVerifySuite
RtlFindClearRuns
MmQuerySystemSize
FsRtlIsHpfsDbcsLegal
KeRemoveEntryDeviceQueue
RtlUnicodeStringToOemString
PsSetLoadImageNotifyRoutine
ZwFlushKey
ZwQueryValueKey
IoGetBootDiskInformation
CcMdlWriteAbort
KeReleaseSemaphore
SeSinglePrivilegeCheck
RtlGUIDFromString
MmIsThisAnNtAsSystem
ZwFsControlFile
KeSetKernelStackSwapEnable
KeSetEvent
KeSetTimerEx
KeInitializeMutex
RtlSplay
KeWaitForMultipleObjects
ExGetPreviousMode
SeTokenIsRestricted
IoGetAttachedDevice
ZwSetValueKey
IoVerifyPartitionTable
RtlAreBitsClear
IoInitializeIrp
SeAssignSecurity
RtlWriteRegistryValue
CcDeferWrite
KeCancelTimer
KeReadStateSemaphore
DbgBreakPointWithStatus
PsGetCurrentProcess
IoCheckEaBufferValidity
RtlTimeFieldsToTime
IoIsSystemThread
IoReleaseRemoveLockEx
MmFreeMappingAddress
IoSetPartitionInformationEx
SeSetSecurityDescriptorInfo
CcSetFileSizes
IoGetDmaAdapter
KeRestoreFloatingPointState
ObCreateObject
FsRtlDeregisterUncProvider
RtlCopyLuid
RtlTimeToSecondsSince1980
IoCreateStreamFileObjectLite
DbgBreakPoint
IoQueryDeviceDescription
RtlSetAllBits
ZwReadFile
FsRtlFastCheckLockForRead
MmSecureVirtualMemory
MmAdvanceMdl
IoCreateStreamFileObject
PsTerminateSystemThread
PsCreateSystemThread
KeQueryActiveProcessors
RtlFreeAnsiString
SeOpenObjectAuditAlarm
RtlInt64ToUnicodeString
ExLocalTimeToSystemTime
PsGetVersion
RtlFindClearBits
PoStartNextPowerIrp
KeInitializeApc
MmMapIoSpace
MmResetDriverPaging
CcIsThereDirtyData
SeCaptureSubjectContext
IoAllocateController
KefAcquireSpinLockAtDpcLevel
ObMakeTemporaryObject
RtlCreateAcl
IoFreeMdl

Exports

Exports

?FreeSemaphoreNew@@YGGPAJD&U
?IsNotDirectoryW@@YGGPAI&U
?IsValidVersionA@@YGIPAEPAKDPAJ&U
?OnDate@@YGPAG_NPAGN&U
?DeleteScreen@@YGXIPAGG&U
?SetWindowInfoW@@YGXIEGPA_N&U
?IsFunctionExW@@YGMPAHJ&U
?IncrementSystemA@@YGPAIJFPAIJ&U
?RemoveConfigOriginal@@YGPAXPAMMH&U
?EnumListItemA@@YGXI&U
?FormatFunctionExA@@YGNKKPAHI&U
?HideCharOriginal@@YGPAKPAK_NI&U
?InsertClassEx@@YGDDJE&U
?FormatTimerNew@@YGXNJ&U
?IsFullNameW@@YGPADPAGM&U
?Section@@YGFM&U
?CallFolderPath@@YGFFPAMM&U
?InsertObjectExA@@YGEKDHH&U
?GlobalStateNew@@YGPADPAKPAI&U
?DecrementVersionEx@@YGJDPAH&U
?RtlPenExA@@YGKKPAH&U
?FindKeyNameExW@@YGXID&U
?GenerateProcessEx@@YGPAMM&U
?CrtCharOriginal@@YGEJJG_N&U
?IsTimeA@@YGMF&U
?IsValidMediaTypeEx@@YGXPAM&U
?CrtMutexExW@@YGPADIHME&U
?ValidateExpressionW@@YGMPAII&U
?CopyMutexExW@@YGNPAH&U
?IsNotCommandLineOriginal@@YGXH&U
?InstallWindowEx@@YGPADIPAD&U
?CancelTimeOriginal@@YGFMHPAM&U
?CallData@@YGPAMHK&U
?HidePath@@YGIKPAEMPAE&U
?InvalidateDateTime@@YGJIPAM&U

Sections

.text
Size: 25KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ce46b108c71c3e2cfa0f33f2884e8af

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 55KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 353B

.data Size: 38KB - Virtual size: 37KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 1024B - Virtual size: 688B

.text
Size: 25KB - Virtual size: 55KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 353B

.data
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 1024B - Virtual size: 688B