ad29a0a76e838600f02f231436f009d3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad29a0a76e838600f02f231436f009d3_JaffaCakes118
Size

135KB
MD5

ad29a0a76e838600f02f231436f009d3
SHA1

7a0d652baaecb6a2d0c7465940a96bc91918dcf1
SHA256

2023a5eb038e6fa7e55697b6ce82703fe1856ace37246166c6db9b69ad23bc8a
SHA512

9906bc0e35f8c56e18e672c32b06ed4027349417040916732d2fd0a00032b3083a0db83a00372006e56f18102de75c3284884555d03be1e49cf2a740d9f750f6
SSDEEP

3072:EjKp3AatCTtmKvhH9VdEdXU7ZEAi0Gv7YHZE76VCLFUSbSES:X3bETAUnd8XU7Zpi5YHaVLan

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad29a0a76e838600f02f231436f009d3_JaffaCakes118

Files

ad29a0a76e838600f02f231436f009d3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

17996828936b4ea655b8d5a67dab4e24

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\ksAzlxygSDvWsA\VkPjalxush\JrgOsviy\wcdCAhKH\TzOFfpuwzjCWw.pdb

Imports

ntoskrnl.exe

ExRaiseDatatypeMisalignment
RtlFindUnicodePrefix
ExAllocatePoolWithQuotaTag
MmGetSystemRoutineAddress
ExNotifyCallback
ExFreePoolWithTag
RtlGetVersion
PoUnregisterSystemState
ZwClose
IoSetThreadHardErrorMode
IoWMIWriteEvent
IoDeleteSymbolicLink
ZwMapViewOfSection
IoReadDiskSignature
IoStartPacket
IoCreateStreamFileObject
IoCheckEaBufferValidity
IoSetSystemPartition
PoRegisterSystemState
MmHighestUserAddress
ZwAllocateVirtualMemory
MmAllocateContiguousMemory
RtlCompareString
ExQueueWorkItem
IoRequestDeviceEject
MmUnmapReservedMapping
PsRevertToSelf
MmIsVerifierEnabled
MmSizeOfMdl
PoSetSystemState
RtlSetBits
MmResetDriverPaging
ZwDeviceIoControlFile
ExUnregisterCallback
ExAcquireResourceSharedLite
KeSetSystemAffinityThread
CcMdlWriteComplete
KeInsertQueueDpc
IoReleaseCancelSpinLock
RtlSetAllBits
ObfReferenceObject
SeTokenIsAdmin
ZwEnumerateValueKey
SeSinglePrivilegeCheck
ExGetSharedWaiterCount
MmBuildMdlForNonPagedPool
RtlLengthRequiredSid
IoFreeErrorLogEntry
RtlCopyLuid
IoGetTopLevelIrp
RtlFindClearBitsAndSet
KeInitializeSpinLock
IoRaiseHardError
IoDetachDevice
PsLookupProcessByProcessId
KeSetTargetProcessorDpc
RtlAppendUnicodeToString
KeInsertDeviceQueue
ZwPowerInformation
ExRaiseAccessViolation
CcMdlRead
RtlDeleteNoSplay
CcZeroData
IoInitializeIrp
IoGetDeviceInterfaceAlias
IoSetDeviceInterfaceState
RtlOemStringToUnicodeString
RtlAreBitsSet
KeInitializeMutex
ZwQueryValueKey
IoGetCurrentProcess
MmFreePagesFromMdl
CcPinMappedData
ZwWriteFile
ZwQueryVolumeInformationFile
CcPurgeCacheSection
KeInitializeDeviceQueue
IoSetHardErrorOrVerifyDevice
KeInitializeDpc
DbgPrompt
FsRtlFastUnlockSingle
PsDereferencePrimaryToken
RtlCreateAcl
CcMdlWriteAbort
SeUnlockSubjectContext
RtlIsNameLegalDOS8Dot3
RtlNumberOfClearBits
SeImpersonateClientEx
RtlFillMemoryUlong
IoInvalidateDeviceRelations
MmProbeAndLockPages
PsGetThreadProcessId
IoCreateDevice
KeWaitForSingleObject
FsRtlIsHpfsDbcsLegal
MmUnlockPagableImageSection
RtlUnicodeToOemN
RtlExtendedIntegerMultiply
RtlInitializeUnicodePrefix
IoConnectInterrupt
IoAcquireVpbSpinLock
RtlDeleteRegistryValue
RtlCompareMemory
MmSetAddressRangeModified
FsRtlIsNameInExpression
ExReleaseFastMutexUnsafe
PsReturnPoolQuota
PsGetVersion
MmFlushImageSection
ZwOpenFile
CcMdlReadComplete
IoSetStartIoAttributes
FsRtlMdlWriteCompleteDev
KeInitializeEvent
RtlValidSid
IoReleaseRemoveLockEx
RtlAnsiStringToUnicodeString
PoSetPowerState
RtlFindSetBits
IoVerifyPartitionTable
IoDisconnectInterrupt
ObOpenObjectByPointer
RtlCreateSecurityDescriptor
IoIsSystemThread
IoReleaseRemoveLockAndWaitEx
RtlFindLeastSignificantBit
KeSetKernelStackSwapEnable
IoWritePartitionTableEx
CcUnpinData
MmFreeMappingAddress
CcSetDirtyPinnedData
HalExamineMBR
PsImpersonateClient
RtlInitAnsiString
SeCaptureSubjectContext
CcUnpinRepinnedBcb
IoSetTopLevelIrp
ExInitializeResourceLite
IoGetAttachedDeviceReference
IoSetShareAccess
ZwDeleteValueKey
PoRequestPowerIrp
KeReleaseMutex
IoGetStackLimits
KeRemoveEntryDeviceQueue
ZwCreateEvent
RtlVerifyVersionInfo
CcFlushCache
ZwCreateDirectoryObject
IoAllocateAdapterChannel
PsIsThreadTerminating
ZwCreateKey
KeReleaseSemaphore
FsRtlGetNextFileLock
IoRegisterFileSystem
IofCompleteRequest
KeSetTimerEx
MmAdvanceMdl
PsLookupThreadByThreadId
RtlIntegerToUnicodeString
ExVerifySuite
MmPageEntireDriver
ZwQueryInformationFile
KeInitializeSemaphore
RtlAreBitsClear
IoInitializeTimer
MmUnlockPages
RtlInitializeSid
IoStartTimer
IoVolumeDeviceToDosName
IoRemoveShareAccess
KeRemoveQueue
ExAllocatePool
SeAccessCheck
IoCreateSymbolicLink
RtlUnicodeStringToAnsiString
IoBuildSynchronousFsdRequest
DbgBreakPointWithStatus
RtlRemoveUnicodePrefix
ExSetResourceOwnerPointer
RtlCopyString
RtlFreeOemString
RtlFreeUnicodeString
RtlInitializeGenericTable
RtlFreeAnsiString
IoWMIRegistrationControl
IoOpenDeviceRegistryKey
ZwCreateFile
ExRegisterCallback
CcFastMdlReadWait
ObReferenceObjectByHandle
KeQueryActiveProcessors
CcFastCopyRead
RtlHashUnicodeString
RtlInsertUnicodePrefix
ZwLoadDriver
ZwOpenSection
RtlUpcaseUnicodeToOemN
ZwOpenSymbolicLinkObject
IoStartNextPacket
ZwUnloadDriver
ExGetExclusiveWaiterCount
KeAttachProcess
SePrivilegeCheck
IoDeleteController
FsRtlFastCheckLockForRead
ExLocalTimeToSystemTime
CcSetFileSizes
SeQueryInformationToken
ExDeleteResourceLite
RtlCopySid
IoDeleteDevice
ZwMakeTemporaryObject
MmMapLockedPagesSpecifyCache
IoAllocateErrorLogEntry
RtlCopyUnicodeString
KeRevertToUserAffinityThread
ExSystemTimeToLocalTime
KeCancelTimer
KeDeregisterBugCheckCallback
RtlLengthSecurityDescriptor
ObfDereferenceObject
RtlTimeToTimeFields
MmLockPagableDataSection
RtlAnsiCharToUnicodeChar
MmUnmapIoSpace
ExCreateCallback
IoCsqRemoveIrp
CcFastCopyWrite
WmiQueryTraceInformation
RtlStringFromGUID
ZwQueryKey
KeQueryInterruptTime
IoUnregisterFileSystem
MmUnsecureVirtualMemory
IoSetDeviceToVerify
PsChargeProcessPoolQuota
IoInvalidateDeviceState
IoGetLowerDeviceObject
KeInitializeApc
RtlCompareUnicodeString
IoUpdateShareAccess
KeQueryTimeIncrement
ObReleaseObjectSecurity
SeOpenObjectAuditAlarm
MmSecureVirtualMemory
RtlxUnicodeStringToAnsiSize
KeRegisterBugCheckCallback
SeDeassignSecurity
PsCreateSystemThread
SeTokenIsRestricted
KeRestoreFloatingPointState
RtlQueryRegistryValues
PoCallDriver
IoStopTimer
IoGetAttachedDevice
RtlLengthSid
IoGetDmaAdapter
RtlCheckRegistryKey
CcPreparePinWrite
IoAllocateController

Exports

Exports

?HideTextOriginal@@YGPAXPAHKDPAK~U
?ShowListItemOriginal@@YGJN~U
?FindDataA@@YGMHG~U
?KillListItemExA@@YGGE~U
?SendMutantOld@@YGPA_NPAIPAD~U
?CrtStateEx@@YGPAXPAHFPAG~U
?DeleteDataW@@YGPAXJFNPAD~U
?Profile@@YGXK~U
?RemoveFullName@@YGFJJHPAH~U
?FormatTextExW@@YGDE~U
?OnTimer@@YGXKEPAI~U
?SendProjectEx@@YGPAHD~U
?LoadStateOld@@YGPAXPAH~U
?Version@@YGXPAIPAMMH~U
?DecrementDataW@@YGMKPAD_N~U
?EnumCommandLineA@@YGPAKPADPAKF_N~U
?DeleteComponentW@@YGPAEGPAMPAF~U
?InstallMutexOld@@YGPAHMPAGPAD~U
?StringNew@@YGJDDK~U
?InsertSizeOld@@YGGPAGH~U
?CrtComponentNew@@YGPAEEMK~U
?GenerateHeightW@@YGPAJPAIJF~U
?DecrementSectionOld@@YGG_NF_NF~U
?DeleteClassExW@@YGIJFJ~U
?ModifyNameExW@@YGPANI~U
?CancelPointExW@@YGMPAKF~U
?FormatListItemNew@@YGKIFF~U
?CopyTask@@YGKPAHPAJJH~U
?PutKeyNameExW@@YGIPA_NPAI~U
?InvalidateSizeOriginal@@YGPAHPAGE~U
?EnumPathEx@@YGJPAM~U
?IncrementStateExA@@YGXHH~U
?InsertHeaderNew@@YGXPAEPAJ~U

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17996828936b4ea655b8d5a67dab4e24

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 656B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 684B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 656B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 684B