adaf927ff6fa3e9aef902ab50cebccb2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

adaf927ff6fa3e9aef902ab50cebccb2_JaffaCakes118
Size

183KB
MD5

adaf927ff6fa3e9aef902ab50cebccb2
SHA1

d5f0e2d024c8908114975070bcf341e6373e2abc
SHA256

eb9ff2b9e1dd3b92f1addff2c677adeaefe02344055348da4a223b7682794e6b
SHA512

c8868059c5b062720eb49c4779ce5656a91deb5409a67b67e9cd42be5a0a83aee97a574eb39ddba07ccff400882fb8179b8f4581962d051b3b58215b6c9db780
SSDEEP

3072:+NmbBQ01PLFa+KJ46sKgfexWlyK4yOTFO+HLJJedbVTQiJTfZl:OyC01PLaJ3VgACyZTFOELDqTJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adaf927ff6fa3e9aef902ab50cebccb2_JaffaCakes118

Files

adaf927ff6fa3e9aef902ab50cebccb2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

104544ec7b8fd5109f561119852cd215

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

U:\NPscawztxV\lGGEFFr\vpgqylo\tpRBAROjdzznk.pdb

Imports

ntoskrnl.exe

MmHighestUserAddress
MmForceSectionClosed
MmUnmapIoSpace
ZwOpenProcess
IoReleaseRemoveLockAndWaitEx
ObMakeTemporaryObject
ObfReferenceObject
CcRemapBcb
IoQueryFileDosDeviceName
SeDeleteObjectAuditAlarm
IoGetCurrentProcess
IoGetStackLimits
ExDeletePagedLookasideList
IoRegisterDeviceInterface
SeAccessCheck
ObInsertObject
RtlAreBitsClear
SePrivilegeCheck
SeQueryAuthenticationIdToken
IoMakeAssociatedIrp
RtlFreeAnsiString
RtlCopySid
PsGetProcessExitTime
ObGetObjectSecurity
IoAllocateController
KeRundownQueue
KeSynchronizeExecution
ZwDeviceIoControlFile
SeAssignSecurity
ZwMapViewOfSection
IoInitializeTimer
CcFastMdlReadWait
ZwEnumerateValueKey
IoGetDeviceToVerify
IoAcquireCancelSpinLock
RtlUpcaseUnicodeString
ZwCreateFile
ProbeForWrite
IoWriteErrorLogEntry
ObCreateObject
MmIsVerifierEnabled
SeSetSecurityDescriptorInfo
MmAdvanceMdl
PoRegisterSystemState
SeCaptureSubjectContext
RtlFillMemoryUlong
IoFreeIrp
PsGetCurrentProcessId
IoEnumerateDeviceObjectList
PsChargeProcessPoolQuota
ExRaiseAccessViolation
RtlInitString
KeInitializeMutex
SeValidSecurityDescriptor
DbgBreakPoint
RtlCopyString
KeQueryTimeIncrement
KeSaveFloatingPointState
IoSetDeviceToVerify
PsGetCurrentProcess
IoGetRequestorProcess
RtlDeleteElementGenericTable
ObReferenceObjectByPointer
IoUnregisterFileSystem
IoGetDriverObjectExtension
CcFastCopyRead
WmiQueryTraceInformation
ZwQueryKey
MmFreeMappingAddress
MmUnlockPages
IofCompleteRequest
IoFreeController
MmUnsecureVirtualMemory
PoUnregisterSystemState
ExGetSharedWaiterCount
MmLockPagableDataSection
ExNotifyCallback
RtlCreateSecurityDescriptor
IoSetDeviceInterfaceState
RtlFindNextForwardRunClear
ZwQueryVolumeInformationFile
RtlFindSetBits
IoGetLowerDeviceObject
IoCreateDevice
IoDisconnectInterrupt
KeGetCurrentThread
IoQueryFileInformation
SeTokenIsRestricted
KeReadStateSemaphore
KeSetTimerEx
CcUninitializeCacheMap
FsRtlIsDbcsInExpression
FsRtlLookupLastLargeMcbEntry
CcMdlWriteAbort
MmQuerySystemSize
CcPreparePinWrite
RtlDowncaseUnicodeString
MmAllocateMappingAddress
DbgBreakPointWithStatus
RtlGenerate8dot3Name
SeFilterToken
RtlSetBits
ExAllocatePoolWithQuota
KeEnterCriticalRegion
ExUuidCreate
ObReleaseObjectSecurity
RtlFindClearBitsAndSet
ExReinitializeResourceLite
RtlFreeUnicodeString
RtlTimeToSecondsSince1980
KefAcquireSpinLockAtDpcLevel
MmPageEntireDriver
KeInitializeSemaphore
RtlCreateRegistryKey
CcGetFileObjectFromBcb
SeOpenObjectAuditAlarm
IoRegisterFileSystem
ZwQuerySymbolicLinkObject
KeUnstackDetachProcess
IoReadDiskSignature
RtlInitAnsiString
PsGetCurrentThread
RtlGetNextRange
FsRtlCheckOplock
ZwDeleteValueKey
IoSetThreadHardErrorMode
IoGetAttachedDevice
IoVerifyVolume
MmGetPhysicalAddress
MmResetDriverPaging
IoIsWdmVersionAvailable
ZwFreeVirtualMemory
ExIsProcessorFeaturePresent
IoReadPartitionTableEx
MmUnmapLockedPages
IoIsOperationSynchronous
IoAllocateMdl
KeCancelTimer
KeResetEvent
CcMdlReadComplete
IoQueueWorkItem
RtlLengthRequiredSid
PsIsThreadTerminating
MmLockPagableSectionByHandle
MmGetSystemRoutineAddress
RtlxOemStringToUnicodeSize
IoBuildSynchronousFsdRequest
IoCheckQuotaBufferValidity
FsRtlFreeFileLock
KeSetPriorityThread
PoCallDriver
ExAcquireResourceSharedLite
ExCreateCallback
KeQuerySystemTime
RtlEqualSid
RtlUnicodeStringToInteger
RtlTimeToTimeFields
PsRevertToSelf
SeLockSubjectContext
RtlInitializeBitMap
CcDeferWrite
IoUpdateShareAccess
MmMapIoSpace
RtlUpcaseUnicodeChar
IoVerifyPartitionTable
RtlCompareString
ExQueueWorkItem
KeWaitForSingleObject
RtlGetCallersAddress
KeInitializeTimer
KeSetEvent
KeSetKernelStackSwapEnable
RtlWriteRegistryValue
KeClearEvent
RtlHashUnicodeString
MmAllocatePagesForMdl
RtlVerifyVersionInfo
MmIsDriverVerifying
KeRegisterBugCheckCallback
IoGetDeviceInterfaces
RtlSplay
ZwMakeTemporaryObject
RtlUpperString
IoThreadToProcess
MmSetAddressRangeModified
ExGetPreviousMode
IoRaiseHardError
SeFreePrivileges
IoReadPartitionTable
MmMapLockedPages
IoAllocateAdapterChannel
RtlMultiByteToUnicodeN
ZwOpenSection
IoQueryDeviceDescription
ExDeleteResourceLite
ZwOpenKey
IoSetStartIoAttributes
IoCsqRemoveIrp
ZwCreateKey
ZwQueryObject
KeInitializeSpinLock
FsRtlSplitLargeMcb
IoSetTopLevelIrp
VerSetConditionMask
ExDeleteNPagedLookasideList
ZwEnumerateKey
IoDeleteSymbolicLink
RtlFindLastBackwardRunClear
CcFlushCache
IoInitializeIrp
FsRtlIsHpfsDbcsLegal
KeRestoreFloatingPointState
IoAllocateErrorLogEntry
RtlGetVersion
ZwUnloadDriver
ProbeForRead
IoGetDeviceProperty
ZwDeleteKey
IoCreateNotificationEvent
KeInitializeDeviceQueue
SeTokenIsAdmin
KeReadStateTimer
RtlFindLongestRunClear
ZwReadFile
RtlCharToInteger
ZwFsControlFile
KeInsertByKeyDeviceQueue
MmAllocateNonCachedMemory
HalExamineMBR
IoReleaseCancelSpinLock
KeRemoveQueueDpc
MmFreeNonCachedMemory
MmUnlockPagableImageSection
IoAllocateIrp
PsGetVersion
RtlInsertUnicodePrefix
KeQueryActiveProcessors
RtlTimeFieldsToTime
KeBugCheckEx
FsRtlFastCheckLockForRead
KeInsertHeadQueue
ZwCreateEvent
ZwSetVolumeInformationFile
RtlLengthSecurityDescriptor
PsCreateSystemThread
RtlxUnicodeStringToAnsiSize
ExFreePool
MmMapLockedPagesSpecifyCache
RtlEqualUnicodeString
IoGetBootDiskInformation
IoSetSystemPartition
RtlSetDaclSecurityDescriptor
FsRtlNotifyInitializeSync
RtlDeleteNoSplay
MmCanFileBeTruncated
CcMdlWriteComplete
SeSinglePrivilegeCheck
MmSizeOfMdl
FsRtlDeregisterUncProvider
IoGetDiskDeviceObject
IoGetTopLevelIrp

Exports

Exports

?PutMutexOriginal@@IJMDFFJ@X

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

104544ec7b8fd5109f561119852cd215

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 40KB - Virtual size: 40KB

.init Size: - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 800B

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 40KB - Virtual size: 40KB

.init
Size: - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 800B