a71c15ca69b443ac4618d15c0e3fe921_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a71c15ca69b443ac4618d15c0e3fe921_JaffaCakes118
Size

58KB
MD5

a71c15ca69b443ac4618d15c0e3fe921
SHA1

ae0d74964bcc19d064f228d85bc9839567206e6b
SHA256

9f0d952e9456e89401b0dacb8a64a30f138cd641768ce43c1b11dd15655cc555
SHA512

d55588a79bf73b639d55096215e63681d6394247be152e27a3e759632b73a94ac8af7ce7fac39a042b734d153b5d278628857e7c6a442afb0aca0b002b74a23f
SSDEEP

1536:eUaUARtgdW+krq2+89bLostzqEFa9ORtiY/S/:fvNdW82X9bLx1A9ORtiY/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a71c15ca69b443ac4618d15c0e3fe921_JaffaCakes118

Files

a71c15ca69b443ac4618d15c0e3fe921_JaffaCakes118
.dll windows:5 windows x86 arch:x86

36ff2e9f2b62200dc8efeab624f59fa1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\GqjmzgpjzKxlxo\sjHyjGtvrqmzU\ceBbrbx.pdb

Imports

ntoskrnl.exe

IoGetDiskDeviceObject
IoGetTopLevelIrp
IofCallDriver
IoMakeAssociatedIrp
RtlCharToInteger
FsRtlSplitLargeMcb
IoDeleteDevice
KeQuerySystemTime
IoSetTopLevelIrp
IoAcquireVpbSpinLock
KeReadStateSemaphore
RtlFreeAnsiString
RtlFindClearRuns
RtlExtendedIntegerMultiply
IoCreateDisk
ExFreePool
IoInitializeIrp
SeAccessCheck
RtlInitializeSid
MmBuildMdlForNonPagedPool
RtlCompareUnicodeString
RtlSecondsSince1970ToTime
KeSetPriorityThread
KeQueryTimeIncrement
IoGetDeviceToVerify
MmUnmapLockedPages
KeRestoreFloatingPointState
IoGetDeviceProperty
SeFilterToken
RtlOemStringToUnicodeString
RtlGetCallersAddress
IoReuseIrp
IoReportResourceForDetection
IoGetDmaAdapter
RtlUnicodeStringToInteger
KeSetEvent
RtlLengthSid
RtlFindMostSignificantBit
PsGetProcessId
IoReadPartitionTableEx
IoInitializeTimer
KeWaitForSingleObject
RtlFindNextForwardRunClear
IoRegisterDeviceInterface
PsSetLoadImageNotifyRoutine
IoWritePartitionTableEx
MmAllocateMappingAddress
RtlUpcaseUnicodeToOemN
PsReferencePrimaryToken
HalExamineMBR
ZwWriteFile
ObOpenObjectByPointer
MmAllocateNonCachedMemory
IoAllocateController
SeImpersonateClientEx
IoDeleteSymbolicLink
ExUnregisterCallback
SeCaptureSubjectContext
KeRundownQueue
MmLockPagableDataSection
ZwSetValueKey
IoGetLowerDeviceObject
RtlSetDaclSecurityDescriptor
ObMakeTemporaryObject
FsRtlMdlWriteCompleteDev
IoCreateStreamFileObjectLite
IoDisconnectInterrupt
ExReleaseResourceLite
IofCompleteRequest
ZwQueryInformationFile
FsRtlIsFatDbcsLegal
RtlGUIDFromString
KePulseEvent
KeResetEvent
IoSetDeviceInterfaceState
KeInitializeApc
ExSystemTimeToLocalTime
IoReadDiskSignature
MmGetSystemRoutineAddress
WmiQueryTraceInformation
IoUnregisterFileSystem
IoCreateSynchronizationEvent
KeClearEvent
CcCopyRead
KeQueryActiveProcessors
IoCsqRemoveIrp
SeSetSecurityDescriptorInfo
IoQueryDeviceDescription
SeDeassignSecurity
KeStackAttachProcess
FsRtlCheckOplock
KeLeaveCriticalRegion
RtlLengthSecurityDescriptor
CcSetBcbOwnerPointer
RtlAreBitsClear
MmUnlockPages
RtlGetNextRange
ZwOpenFile
KeInitializeTimer
ExSetResourceOwnerPointer
RtlSubAuthoritySid
IoQueryFileInformation
IoRegisterFileSystem
ExUuidCreate
DbgBreakPointWithStatus
KeUnstackDetachProcess
IoSetShareAccess
IoConnectInterrupt
RtlInitAnsiString
IoReadPartitionTable
PsLookupProcessByProcessId
ZwQueryObject
CcFastMdlReadWait
PsGetCurrentThread
ExReleaseFastMutexUnsafe
CcSetFileSizes
RtlVolumeDeviceToDosName
RtlAddAccessAllowedAce
RtlTimeToTimeFields
IoReleaseCancelSpinLock
ExSetTimerResolution
RtlUpperChar
RtlWriteRegistryValue
MmCanFileBeTruncated
IoRemoveShareAccess
IoSetPartitionInformationEx
MmFreeContiguousMemory
ExAllocatePoolWithQuotaTag
ExGetPreviousMode
MmLockPagableSectionByHandle
FsRtlIsNameInExpression
SeReleaseSubjectContext
ZwEnumerateValueKey
IoGetDeviceInterfaces
FsRtlAllocateFileLock
ExReinitializeResourceLite
IoFreeErrorLogEntry
ExLocalTimeToSystemTime
MmIsDriverVerifying
ObCreateObject
IoEnumerateDeviceObjectList
ZwDeleteValueKey
ZwMakeTemporaryObject
RtlInt64ToUnicodeString
IoStartNextPacket
MmAllocateContiguousMemory
RtlFindLongestRunClear
IoBuildSynchronousFsdRequest
KeInitializeDpc
RtlDowncaseUnicodeString
ZwPowerInformation
ZwSetVolumeInformationFile
RtlSplay
MmSetAddressRangeModified
ZwLoadDriver
IoCreateSymbolicLink
KeFlushQueuedDpcs
PsGetCurrentProcessId
IoWMIRegistrationControl
RtlEnumerateGenericTable
MmForceSectionClosed
PoSetPowerState
ZwFlushKey
RtlClearBits
PoRequestPowerIrp
RtlDelete
MmMapLockedPages
ZwDeviceIoControlFile
RtlInitializeGenericTable
RtlUnicodeToOemN
MmIsThisAnNtAsSystem
RtlClearAllBits
KeRevertToUserAffinityThread
ZwFsControlFile
MmSizeOfMdl
CcRepinBcb
ZwCreateDirectoryObject
IoUpdateShareAccess
IoCheckQuotaBufferValidity
RtlCopyLuid
ZwCreateFile
KeSetBasePriorityThread
CcMdlRead
KeReleaseMutex
KeSetKernelStackSwapEnable
MmMapLockedPagesSpecifyCache
KeInsertQueue
IoFreeMdl
RtlAreBitsSet
RtlAnsiCharToUnicodeChar
SeQueryInformationToken
RtlFindLastBackwardRunClear
KeQueryInterruptTime
CcFastCopyRead
RtlxOemStringToUnicodeSize
RtlSecondsSince1980ToTime
PsRevertToSelf
IoInvalidateDeviceState
IoVerifyVolume
SeLockSubjectContext
PsGetCurrentThreadId
RtlQueryRegistryValues
MmIsVerifierEnabled
IoReleaseRemoveLockAndWaitEx
ZwCreateSection
IoCheckShareAccess
IoSetSystemPartition
ZwMapViewOfSection
IoGetBootDiskInformation
IoDetachDevice
CcPinMappedData
IoBuildPartialMdl
KeReadStateMutex
ExRaiseAccessViolation
PoCallDriver
PoSetSystemState
ExIsProcessorFeaturePresent
MmAddVerifierThunks
CcPreparePinWrite
DbgBreakPoint
PsImpersonateClient
KeInitializeMutex
IoGetAttachedDeviceReference
IoWMIWriteEvent
IoStopTimer
ZwNotifyChangeKey
SeValidSecurityDescriptor
RtlDeleteNoSplay
IoGetDeviceInterfaceAlias
IoIsWdmVersionAvailable
IoAllocateMdl
CcZeroData
ObQueryNameString
IoSetHardErrorOrVerifyDevice
IoRequestDeviceEject
RtlVerifyVersionInfo
IoCheckEaBufferValidity
KeRemoveEntryDeviceQueue
ObReferenceObjectByPointer
MmSecureVirtualMemory
RtlTimeFieldsToTime
RtlValidSecurityDescriptor
PsReturnPoolQuota
ZwQueryVolumeInformationFile
RtlPrefixUnicodeString
KeDetachProcess
KeRemoveQueue
IoReportDetectedDevice
RtlEqualUnicodeString
KeReleaseSemaphore
MmUnlockPagableImageSection
KeSetImportanceDpc
RtlHashUnicodeString
SeAssignSecurity
ZwSetSecurityObject
IoCreateStreamFileObject

Exports

Exports

?IsDialogOld@@YGPAHPAEI~U
?IncrementWindowInfoOriginal@@YGFHIEK~U
?InsertDirectoryW@@YGPAHDK~U
?ObjectExA@@YGID~U
?RtlScreenW@@YGGDF~U
?IsValidRectA@@YGDPAFJI~U
?SetFolderA@@YGPAMPAK~U
?DeleteArgumentA@@YGXGD~U
?IncrementExpressionExA@@YGPAXPAE~U
?IsVersionEx@@YGID~U
?CrtMutantA@@YGPAHKI~U
?ModifyValueEx@@YGXPAD~U
?SendFileEx@@YGPAJKMPAE~U
?ModifyConfig@@YGPAMJGPAK~U
?ModifyMutantA@@YGPA_NMHFK~U
?CloseScreenOriginal@@YGXG~U
?SetSemaphoreNew@@YGPAJKEG~U
?IncrementTimer@@YGDMI~U
?EnumWindowInfoA@@YGFJPAGH~U
?RtlMemory@@YG_NPADPAFH~U
?LoadMessageNew@@YGPAGPAI~U
?CancelDateTime@@YGPAGMK~U
?GetConfigExW@@YGPAFGHI~U
?CancelMessageEx@@YGMM~U
?HideFullNameOriginal@@YGKIG~U
?InvalidateScreen@@YGKDDG~U
?IsNotDirectoryExW@@YGXNIF~U
?SendThreadOriginal@@YGENKM~U
?CloseComponent@@YG_NKGKM~U
?PutProcessExA@@YGJPADFPAE~U
?IncrementMonitorOld@@YGPADJFKPAF~U
?IsTextA@@YGPAXPA_N~U
?InsertWindowInfo@@YGMFPA_NE~U
?ShowKeyboardW@@YGFPAEGPAE~U
?FormatListItemExW@@YGX_NDPAME~U
?AddFilePathExA@@YGXDNPAMI~U

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36ff2e9f2b62200dc8efeab624f59fa1

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 304B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 712B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 304B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 712B