b674d80c08aef1db9e4b3789fd75e505_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b674d80c08aef1db9e4b3789fd75e505_JaffaCakes118
Size

65KB
MD5

b674d80c08aef1db9e4b3789fd75e505
SHA1

0bafdb8e06095391459055212c26411309b18b22
SHA256

5d500ce9570c4b1d89df0878a1015659a59ed625a71d6c5c19b3e35eeb59fc72
SHA512

3ed42d2ecb5bc0fd9f0f2cc3f449ab027979ddca64c31c03123ee355ec4b8f5a9a56c6a52408cea11e3911e0f8a3b1f4d37c54790e150437258dddbc14997d65
SSDEEP

1536:cPrXOMjEdHaJKwhu3gzo1+M/HwubVZoGbYAg:UTbjElaJhDMBH9VZoGbYB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b674d80c08aef1db9e4b3789fd75e505_JaffaCakes118

Files

b674d80c08aef1db9e4b3789fd75e505_JaffaCakes118
.dll windows:5 windows x86 arch:x86

87c5bf1c9055b0afe2b573f58dd6ff78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\iPEbaIncpPZ\nxnqmVivkaAi\pgeppnXpORbys.pdb

Imports

ntoskrnl.exe

FsRtlCheckLockForReadAccess
KeAttachProcess
IoUnregisterFileSystem
IoCheckQuotaBufferValidity
ZwFsControlFile
KePulseEvent
ZwQueryVolumeInformationFile
IoQueryFileDosDeviceName
IoGetDeviceAttachmentBaseRef
CcInitializeCacheMap
RtlInt64ToUnicodeString
ZwFreeVirtualMemory
CcSetFileSizes
RtlCreateRegistryKey
IoReleaseCancelSpinLock
KeWaitForSingleObject
RtlAppendUnicodeToString
MmHighestUserAddress
IoThreadToProcess
RtlSecondsSince1970ToTime
ZwSetSecurityObject
MmAllocateMappingAddress
RtlPrefixUnicodeString
FsRtlSplitLargeMcb
FsRtlNotifyInitializeSync
IoCreateNotificationEvent
ObfDereferenceObject
IoCreateSymbolicLink
IoGetDeviceProperty
MmBuildMdlForNonPagedPool
RtlCopyUnicodeString
IoGetDriverObjectExtension
IoReleaseRemoveLockAndWaitEx
ZwNotifyChangeKey
ExRegisterCallback
PsImpersonateClient
FsRtlDeregisterUncProvider
IoReportDetectedDevice
KeBugCheck
FsRtlIsTotalDeviceFailure
MmUnsecureVirtualMemory
ObfReferenceObject
ExSystemTimeToLocalTime
IoCreateDevice
IoGetTopLevelIrp
KeQueryTimeIncrement
KeQueryInterruptTime
IoSetTopLevelIrp
DbgBreakPoint
KeRemoveQueue
ZwPowerInformation
PsGetCurrentProcess
IoStopTimer
RtlEqualString
IoDisconnectInterrupt
IoAcquireRemoveLockEx
IoAcquireCancelSpinLock
RtlMapGenericMask
IoReuseIrp
RtlCharToInteger
RtlAddAccessAllowedAce
RtlLengthSecurityDescriptor
ZwDeleteValueKey
ZwMakeTemporaryObject
IoSetDeviceToVerify
IoCreateSynchronizationEvent
CcZeroData
FsRtlNotifyUninitializeSync
PoCallDriver
ZwLoadDriver
ZwQueryObject
IoAllocateAdapterChannel
RtlFindClearRuns
ZwOpenSection
SeAccessCheck
CcPinMappedData
CcUninitializeCacheMap
PsTerminateSystemThread
IoGetDeviceToVerify
SeTokenIsAdmin
IoGetDiskDeviceObject
FsRtlMdlWriteCompleteDev
CcPinRead
KeRemoveEntryDeviceQueue
KeRemoveDeviceQueue
RtlSetAllBits
ExLocalTimeToSystemTime
ExUuidCreate
PsChargeProcessPoolQuota
MmMapIoSpace
SeCreateClientSecurity
IoFreeController
IoFreeWorkItem
SeFreePrivileges
ExReleaseFastMutexUnsafe
RtlFreeUnicodeString
ExQueueWorkItem
IoRegisterFileSystem
RtlFreeOemString
ZwMapViewOfSection
VerSetConditionMask
KeStackAttachProcess
ZwQuerySymbolicLinkObject
PsReturnPoolQuota
MmAddVerifierThunks
IoRaiseHardError
MmAllocatePagesForMdl
KeInitializeEvent
CcFlushCache
SeQueryInformationToken
KefAcquireSpinLockAtDpcLevel
MmMapUserAddressesToPage
RtlAddAccessAllowedAceEx
KeSaveFloatingPointState
RtlFindLeastSignificantBit
ExAllocatePoolWithQuotaTag
RtlCreateAcl
RtlSubAuthoritySid
ZwDeleteKey
KeInitializeDpc
IoQueryFileInformation
IoIsWdmVersionAvailable
ZwOpenSymbolicLinkObject
KdDisableDebugger
RtlUpperChar
ExAllocatePoolWithQuota
KeSetKernelStackSwapEnable
SeDeassignSecurity
CcCopyRead
PoSetSystemState
IoAllocateMdl
MmIsVerifierEnabled
RtlUpperString
ProbeForRead
CcSetReadAheadGranularity
CcUnpinDataForThread
RtlInitAnsiString
ZwFlushKey
RtlAreBitsClear
IoCreateStreamFileObjectLite
ExVerifySuite
ZwUnloadDriver
KeSetBasePriorityThread
KeInitializeTimerEx
RtlDeleteRegistryValue
KeSetImportanceDpc
CcFastCopyRead
IoGetDeviceInterfaceAlias
PsGetProcessExitTime
IoGetRequestorProcessId
IoOpenDeviceRegistryKey
ZwCreateDirectoryObject
RtlDowncaseUnicodeString
RtlFindLastBackwardRunClear
ZwOpenKey
SeTokenIsRestricted
RtlCopySid
MmUnmapReservedMapping
PoUnregisterSystemState
RtlMultiByteToUnicodeN
CcCopyWrite
PsGetThreadProcessId
IoDeleteController
ExCreateCallback
ZwWriteFile
RtlTimeFieldsToTime
KeGetCurrentThread
IoGetDeviceInterfaces
IoReleaseVpbSpinLock
IoRequestDeviceEject
ExDeleteNPagedLookasideList
FsRtlGetNextFileLock
KeSetSystemAffinityThread
MmAdvanceMdl
IoReleaseRemoveLockEx
IoRegisterDeviceInterface
IoGetBootDiskInformation
RtlSetDaclSecurityDescriptor
CcIsThereDirtyData
KeInsertQueue
ZwQueryValueKey
CcFastCopyWrite
ZwReadFile
MmUnmapLockedPages
KeCancelTimer
MmProbeAndLockProcessPages
ObQueryNameString
ObReferenceObjectByPointer
KeFlushQueuedDpcs
KeInitializeSemaphore
IoGetStackLimits
RtlUpcaseUnicodeToOemN
RtlStringFromGUID
KeReadStateSemaphore
FsRtlIsHpfsDbcsLegal
IoAcquireVpbSpinLock
RtlCheckRegistryKey
MmMapLockedPagesSpecifyCache
IoGetAttachedDeviceReference
SeQueryAuthenticationIdToken
MmCanFileBeTruncated
CcUnpinData
IoSetThreadHardErrorMode
ExGetPreviousMode
RtlRemoveUnicodePrefix
IoInitializeIrp
DbgBreakPointWithStatus
PsGetCurrentProcessId
RtlExtendedIntegerMultiply
SeSinglePrivilegeCheck
ZwSetVolumeInformationFile
KeClearEvent
KeInitializeTimer
IoSetHardErrorOrVerifyDevice
RtlInitializeUnicodePrefix
KeReadStateMutex
CcPreparePinWrite
ZwQueryInformationFile
HalExamineMBR
KeRestoreFloatingPointState
PoSetPowerState
KeQueryActiveProcessors
KeRegisterBugCheckCallback
SeAssignSecurity
ExGetExclusiveWaiterCount
RtlxOemStringToUnicodeSize
KeSetTimerEx
SeValidSecurityDescriptor
MmIsThisAnNtAsSystem
RtlIntegerToUnicodeString
ProbeForWrite
RtlFindUnicodePrefix
ZwClose
KeUnstackDetachProcess
IoSetPartitionInformation
KeSynchronizeExecution
RtlAnsiCharToUnicodeChar
RtlInitializeBitMap
IoQueueWorkItem
RtlCreateSecurityDescriptor
IoSetDeviceInterfaceState
MmFreeNonCachedMemory
RtlVolumeDeviceToDosName
IoVerifyPartitionTable
ObReleaseObjectSecurity
FsRtlFreeFileLock
RtlNtStatusToDosError
RtlInitializeGenericTable
MmLockPagableDataSection
MmFreeMappingAddress
ObMakeTemporaryObject
SeCaptureSubjectContext
SePrivilegeCheck
ExAcquireResourceSharedLite
CcCanIWrite

Exports

Exports

?MessageOriginal@@YGHD~U
?ValidateModule@@YGJPAKPAE~U
?CopyMessageOriginal@@YGFHI_NN~U
?AddListExW@@YGHGK~U
?ModifyKeyboardExA@@YGPAJPAIHG~U
?IsNotEvent@@YGDHPAHHE~U
?InsertKeyNameA@@YGPAXKFPAIM~U
?IsNotNameNew@@YGPAMPAHI~U
?RemoveRectW@@YGJK~U
?CallProfileExA@@YGFG_N~U
?LoadProcessNew@@YGPAMPAJEKN~U
?ValidateWindowOriginal@@YGNPAJEPAEN~U
?FormatTimerOld@@YGXMD~U
?CrtExpressionEx@@YGE_NED~U
?InvalidateRectOriginal@@YGKH~U
?InvalidateWidth@@YGDMHFPAE~U
?ShowKeyboardNew@@YG_NIPADK~U
?KillModuleOriginal@@YGMMJ~U
?DeleteStringA@@YGPAEPAKDE~U
?ValidateSemaphoreOriginal@@YGGDD~U
?CloseArgumentExW@@YGJPAKKMPAK~U
?LoadSectionA@@YGJJ~U
?GlobalSemaphoreOld@@YGXHE~U
?FindSemaphoreNew@@YGXPAFJKE~U
?CrtWindowOriginal@@YGHFE~U
?SetListItemEx@@YGPAIPAMJ~U
?OnProviderOld@@YGPAKJPAFPANPAM~U
?CopyTaskOld@@YGPAIPAK~U
?DecrementMutantExW@@YGPAFPAM~U
?CancelMemoryNew@@YGPAJPAGJKH~U
?SendSectionW@@YGPAGID~U
?FormatPointExA@@YGPAXPAIPAH~U
?CopyPointW@@YGPAXPAD_N~U
?FreeTaskNew@@YGPAMPAFH~U
?EnumDateTimeA@@YGNGEFH~U
?RemoveEventExA@@YGHGNI~U
?IsFileW@@YG_N_NE_NPAD~U
?GetHeaderA@@YGXFE~U

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 407B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87c5bf1c9055b0afe2b573f58dd6ff78

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1024B - Virtual size: 1024B

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 407B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 704B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1024B - Virtual size: 1024B

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 407B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 704B