b4f1c7dab08a4b7554685b0e6df23fae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4f1c7dab08a4b7554685b0e6df23fae_JaffaCakes118
Size

106KB
MD5

b4f1c7dab08a4b7554685b0e6df23fae
SHA1

91ddde6ae40089c1f954bc8c03b4cee05ff77e2e
SHA256

7aa9ec6ea9b3c2a9dca22fa979bd784ebeae6af614b8d0e16137819895c914f2
SHA512

5b022442a777d457799bb0a817c0acfc2c4b0958d32c54a34c7976368788dfc44c96be45d6b41f60d573e9b0905b3e76bdc6a13ea90901696700931f1dc214e7
SSDEEP

1536:t7JRLRHklS/uCPh2DeOcgiVHN7ILQZ2DIDqZBPHOCwHUg4d:t7JNiS/TP0XeVHNo/cOZBYHUg+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4f1c7dab08a4b7554685b0e6df23fae_JaffaCakes118

Files

b4f1c7dab08a4b7554685b0e6df23fae_JaffaCakes118
.dll windows:5 windows x86 arch:x86

721d3ad8a2ad2b3b370a45b5c20800f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

L:\NarcmaxculGbb\gJuopNNnqaQS\psNEfomokKjSXo.pdb

Imports

ntoskrnl.exe

CcRemapBcb
RtlClearBits
RtlUpcaseUnicodeChar
RtlCopyLuid
RtlCompareString
RtlEnumerateGenericTable
ZwCreateSection
KeQueryTimeIncrement
MmAllocateNonCachedMemory
ZwOpenSymbolicLinkObject
KeReleaseSemaphore
KeSetTimerEx
SeCreateClientSecurity
IoOpenDeviceRegistryKey
KeReadStateEvent
KeEnterCriticalRegion
IoGetRelatedDeviceObject
RtlSetAllBits
RtlHashUnicodeString
PsGetCurrentThread
RtlTimeToSecondsSince1970
IoGetDeviceObjectPointer
ExSetTimerResolution
RtlSetDaclSecurityDescriptor
RtlFindClearRuns
KeStackAttachProcess
IoStartTimer
FsRtlIsFatDbcsLegal
PsSetLoadImageNotifyRoutine
PoRegisterSystemState
KeRemoveQueue
RtlCompareUnicodeString
IoCheckEaBufferValidity
KeRemoveEntryDeviceQueue
FsRtlIsDbcsInExpression
KeCancelTimer
IoCreateSynchronizationEvent
KeInitializeSpinLock
MmUnlockPages
IoDeleteController
ExNotifyCallback
RtlCompareMemory
SeDeassignSecurity
ZwQueryObject
ZwDeleteKey
KeInsertHeadQueue
IoCheckQuotaBufferValidity
ObCreateObject
RtlRemoveUnicodePrefix
RtlInitAnsiString
RtlAppendStringToString
KeRegisterBugCheckCallback
DbgBreakPointWithStatus
IoSetShareAccess
MmProbeAndLockPages
MmIsAddressValid
IoReleaseCancelSpinLock
IoSetHardErrorOrVerifyDevice
MmAllocateContiguousMemory
IoBuildSynchronousFsdRequest
ExAcquireResourceSharedLite
IoCreateFile
RtlUpperChar
MmSizeOfMdl
KeGetCurrentThread
RtlSecondsSince1970ToTime
KeQuerySystemTime
ExReleaseFastMutexUnsafe
IoAllocateMdl
ZwFlushKey
KeReadStateTimer
IoGetRequestorProcessId
SeAssignSecurity
IoReuseIrp
IoRegisterDeviceInterface
ZwQuerySymbolicLinkObject
ExSystemTimeToLocalTime
MmGetSystemRoutineAddress
ZwCreateDirectoryObject
RtlInitializeGenericTable
RtlInitializeUnicodePrefix
PsLookupProcessByProcessId
MmFreeNonCachedMemory
PoRequestPowerIrp
RtlAreBitsSet
ObGetObjectSecurity
KeReadStateMutex
RtlAppendUnicodeToString
IoRemoveShareAccess
RtlLengthSecurityDescriptor
RtlFillMemoryUlong
CcCopyRead
IoGetCurrentProcess
RtlFindClearBitsAndSet
ExRegisterCallback
IoQueueWorkItem
RtlFindSetBits
MmQuerySystemSize
SeAccessCheck
ZwReadFile
FsRtlCheckOplock
KeInitializeDeviceQueue
ZwClose
FsRtlCheckLockForReadAccess
MmIsVerifierEnabled
RtlStringFromGUID
ExFreePoolWithTag
ZwOpenSection
ZwOpenKey
KeInsertQueueDpc
ObReleaseObjectSecurity
ExVerifySuite
KdDisableDebugger
PoSetSystemState
ExReinitializeResourceLite
RtlTimeToSecondsSince1980
ExLocalTimeToSystemTime
ZwEnumerateKey
IoAllocateErrorLogEntry
IoFreeController
CcFastCopyRead
IoSetSystemPartition
RtlCopyString
RtlCreateUnicodeString
IoCheckShareAccess
IoMakeAssociatedIrp
IoDeviceObjectType
CcCopyWrite
KeWaitForSingleObject
IoFreeWorkItem
IoGetDeviceInterfaceAlias
IoReportDetectedDevice
ProbeForRead
RtlFreeAnsiString
FsRtlIsHpfsDbcsLegal
ZwOpenFile
IoGetDeviceToVerify
RtlCreateSecurityDescriptor
FsRtlFastCheckLockForRead
KeSaveFloatingPointState
MmResetDriverPaging
RtlAnsiCharToUnicodeChar
IoWriteErrorLogEntry
KeBugCheck
KeResetEvent
IoIsSystemThread
MmUnmapLockedPages
RtlOemStringToUnicodeString
MmBuildMdlForNonPagedPool
ExAcquireFastMutexUnsafe
KePulseEvent
IoAttachDeviceToDeviceStack
CcFastCopyWrite
IoGetStackLimits
KeSetTargetProcessorDpc
ObReferenceObjectByPointer
FsRtlIsTotalDeviceFailure
RtlFindClearBits
FsRtlAllocateFileLock
RtlMultiByteToUnicodeN
ZwFsControlFile
PsGetCurrentProcess
MmSecureVirtualMemory
IoGetDeviceProperty
KeSetTimer
ExAllocatePoolWithQuotaTag
RtlNtStatusToDosError
KeInitializeSemaphore
KeFlushQueuedDpcs
IoReportResourceForDetection
KeUnstackDetachProcess
RtlFindLeastSignificantBit
ZwQueryKey
RtlFindNextForwardRunClear
KeInitializeTimerEx
RtlUpcaseUnicodeToOemN
KeInsertDeviceQueue
IoGetAttachedDeviceReference
KeRestoreFloatingPointState
ZwCreateKey
IoCancelIrp
IoCreateSymbolicLink
KdEnableDebugger
RtlSecondsSince1980ToTime
IoRequestDeviceEject
CcZeroData
ExSetResourceOwnerPointer
ZwAllocateVirtualMemory
MmFreePagesFromMdl
MmMapLockedPagesSpecifyCache
IoAcquireCancelSpinLock
RtlGetNextRange
RtlUnicodeStringToAnsiString
RtlFindMostSignificantBit
ObReferenceObjectByHandle
RtlQueryRegistryValues
CcDeferWrite
MmFreeContiguousMemory
ExReleaseResourceLite
RtlWriteRegistryValue
IoGetBootDiskInformation
MmPageEntireDriver
KeRemoveQueueDpc
RtlVerifyVersionInfo
SeDeleteObjectAuditAlarm
KeInitializeDpc
IoFreeIrp
IoInitializeTimer
RtlGetVersion
RtlSubAuthoritySid
IoInvalidateDeviceState
RtlDeleteRegistryValue
IoGetDriverObjectExtension
ExRaiseAccessViolation
IoFreeMdl
RtlFindLastBackwardRunClear
KeInitializeApc
MmUnlockPagableImageSection
IoSetThreadHardErrorMode
KeSynchronizeExecution
RtlUpcaseUnicodeString
IoDeleteSymbolicLink
KeRundownQueue
ZwQueryValueKey
FsRtlGetNextFileLock
RtlInitString
MmMapIoSpace
IoIsWdmVersionAvailable
PsLookupThreadByThreadId
RtlAreBitsClear
ExGetPreviousMode
MmHighestUserAddress
RtlAddAccessAllowedAceEx
RtlInitializeBitMap
RtlDowncaseUnicodeString
MmGetPhysicalAddress
IoGetAttachedDevice
RtlCreateRegistryKey
IoGetDmaAdapter
RtlInsertUnicodePrefix
SeCaptureSubjectContext
PsCreateSystemThread
KeReadStateSemaphore
MmAdvanceMdl
ZwMapViewOfSection
RtlCheckRegistryKey
CcSetBcbOwnerPointer
ExInitializeResourceLite
RtlFindLongestRunClear
ZwCreateFile
IoStopTimer
IoInvalidateDeviceRelations
ExGetSharedWaiterCount
IoConnectInterrupt
RtlUnicodeToMultiByteN
RtlSetBits
RtlNumberOfClearBits
MmCanFileBeTruncated
ExDeletePagedLookasideList
RtlUpperString
ProbeForWrite
RtlPrefixUnicodeString
MmSetAddressRangeModified
IoCreateNotificationEvent
FsRtlSplitLargeMcb
RtlValidSecurityDescriptor

Sections

.text
Size: 24KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 279B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

721d3ad8a2ad2b3b370a45b5c20800f0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 24KB - Virtual size: 56KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 512B - Virtual size: 512B

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 279B

.data Size: 36KB - Virtual size: 36KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 668B

.text
Size: 24KB - Virtual size: 56KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 512B - Virtual size: 512B

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 279B

.data
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 668B