bd416e0035d226a7db20cf1ae15e1219_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bd416e0035d226a7db20cf1ae15e1219_JaffaCakes118
Size

135KB
MD5

bd416e0035d226a7db20cf1ae15e1219
SHA1

d0dcc44a9c284af628b69280ad73c57247d575c4
SHA256

b89bccd6c05870d85c49bb2c4a9efe734491260625fda590db9e3460bf3c7bf8
SHA512

6ffe8d6e7a182d33960953f12c946b53d10dcb9f21a419a6d00a5d270dff96f98d1434f00d829336ef3b018f69d78f1871a7f062affec70e7f0ff97e3fffa987
SSDEEP

3072:6aZ1kgcVJZ7KvllCpYnv7YHZE76VCLFUSbSES:fc3kv+pKYHaVLan

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd416e0035d226a7db20cf1ae15e1219_JaffaCakes118

Files

bd416e0035d226a7db20cf1ae15e1219_JaffaCakes118
.dll windows:5 windows x86 arch:x86

aa0350e283ac124f103c56e80e883758

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\PrJKXdl\fLnMeanmixw\vkwogFxv.pdb

Imports

ntoskrnl.exe

RtlAreBitsClear
RtlPrefixUnicodeString
IoSetStartIoAttributes
IoGetDeviceObjectPointer
ZwQueryObject
MmPageEntireDriver
MmLockPagableDataSection
RtlClearAllBits
RtlTimeFieldsToTime
RtlNumberOfClearBits
KeRemoveByKeyDeviceQueue
IoIsOperationSynchronous
CcCopyWrite
PoRegisterSystemState
RtlFillMemoryUlong
ZwCreateEvent
RtlInitializeSid
ObQueryNameString
ZwFreeVirtualMemory
RtlInt64ToUnicodeString
SeFreePrivileges
RtlCreateSecurityDescriptor
IoReuseIrp
ExRaiseDatatypeMisalignment
RtlCompareUnicodeString
CcFlushCache
RtlValidSid
IoMakeAssociatedIrp
ExSystemTimeToLocalTime
CcRepinBcb
RtlWriteRegistryValue
IoQueryFileInformation
KeInitializeTimerEx
IoInvalidateDeviceState
DbgBreakPoint
IoUpdateShareAccess
RtlUpcaseUnicodeChar
KeRemoveQueue
ZwOpenKey
KeBugCheck
FsRtlNotifyUninitializeSync
RtlTimeToSecondsSince1970
PsIsThreadTerminating
KdDisableDebugger
ExGetSharedWaiterCount
ZwQueryKey
CcCopyRead
SeAccessCheck
ExFreePoolWithTag
FsRtlIsDbcsInExpression
CcMdlWriteAbort
IoCheckEaBufferValidity
ZwQueryInformationFile
IoReportResourceForDetection
FsRtlCheckOplock
RtlInitString
RtlLengthSid
IoGetRelatedDeviceObject
MmIsThisAnNtAsSystem
IoStopTimer
IoAllocateMdl
RtlMultiByteToUnicodeN
PsGetThreadProcessId
MmFlushImageSection
KeInitializeMutex
KeLeaveCriticalRegion
CcPinMappedData
IoGetDmaAdapter
MmAdvanceMdl
ExFreePool
IoCheckShareAccess
MmUnlockPages
CcSetFileSizes
MmGetSystemRoutineAddress
KeSetKernelStackSwapEnable
ZwPowerInformation
RtlSubAuthoritySid
MmProbeAndLockPages
SeReleaseSubjectContext
RtlGUIDFromString
MmAllocateMappingAddress
RtlFindClearRuns
IoCancelIrp
KeInsertByKeyDeviceQueue
RtlAppendUnicodeToString
IoVerifyPartitionTable
HalExamineMBR
IoAllocateAdapterChannel
IoCreateDevice
PsGetProcessId
ExReleaseFastMutexUnsafe
ExUnregisterCallback
KeInitializeEvent
KeGetCurrentThread
KeSetImportanceDpc
KeInitializeTimer
KeSetPriorityThread
ExInitializeResourceLite
KeInitializeQueue
ProbeForRead
IoGetDeviceProperty
ExAllocatePoolWithQuota
KeInitializeDeviceQueue
ObReferenceObjectByPointer
CcMdlReadComplete
RtlAddAccessAllowedAce
IoInitializeTimer
RtlxUnicodeStringToAnsiSize
RtlRemoveUnicodePrefix
RtlDeleteRegistryValue
ZwDeviceIoControlFile
IoFreeWorkItem
KeAttachProcess
PsGetCurrentProcess
IoCheckQuotaBufferValidity
FsRtlCheckLockForWriteAccess
IoGetDriverObjectExtension
IoReleaseRemoveLockAndWaitEx
PsReturnPoolQuota
PoSetSystemState
ExAllocatePool
KeReadStateTimer
RtlSetAllBits
SePrivilegeCheck
CcFastCopyRead
IoCreateNotificationEvent
ObReleaseObjectSecurity
IofCompleteRequest
MmIsAddressValid
PsGetVersion
RtlLengthSecurityDescriptor
MmSizeOfMdl
IoEnumerateDeviceObjectList
IoAcquireCancelSpinLock
IoGetRequestorProcess
CcSetReadAheadGranularity
CcInitializeCacheMap
IoDeleteDevice
IoBuildPartialMdl
ExDeletePagedLookasideList
MmSecureVirtualMemory
IoRegisterFileSystem
IoInitializeIrp
RtlFreeAnsiString
MmFreeContiguousMemory
MmQuerySystemSize
CcSetDirtyPinnedData
ZwReadFile
MmUnsecureVirtualMemory
KeSetTimer
ZwWriteFile
ZwFsControlFile
IoReleaseCancelSpinLock
ExGetExclusiveWaiterCount
MmIsVerifierEnabled
FsRtlFreeFileLock
MmAllocateContiguousMemory
IoGetBootDiskInformation
IoDeviceObjectType
ExDeleteNPagedLookasideList
KeSetTargetProcessorDpc
CcZeroData
IoDeleteController
CcPreparePinWrite
IoFreeIrp
RtlFreeUnicodeString
CcMdlWriteComplete
IoGetDeviceToVerify
MmUnmapReservedMapping
CcMapData
KeRundownQueue
RtlInitializeUnicodePrefix
ExReleaseResourceLite
FsRtlIsHpfsDbcsLegal
PsRevertToSelf
KeInitializeDpc
RtlDelete
ExRegisterCallback
RtlInitAnsiString
MmIsDriverVerifying
IoAllocateController
CcIsThereDirtyData
CcRemapBcb
RtlFindClearBits
IoReleaseVpbSpinLock
PoStartNextPowerIrp
PsImpersonateClient
ProbeForWrite
ObfDereferenceObject
IoQueueWorkItem
SeValidSecurityDescriptor
ZwEnumerateValueKey
ZwCreateFile
IoGetTopLevelIrp
IoWriteErrorLogEntry
IoRemoveShareAccess
KeWaitForSingleObject
IoQueryDeviceDescription
SeAppendPrivileges
MmFreeMappingAddress
MmUnmapIoSpace
ZwCreateDirectoryObject
IoVolumeDeviceToDosName
IoAllocateErrorLogEntry
RtlLengthRequiredSid
IoReleaseRemoveLockEx
CcCanIWrite
KeRemoveEntryDeviceQueue
IoFreeMdl
RtlInsertUnicodePrefix
KeWaitForMultipleObjects
RtlCompareString
FsRtlAllocateFileLock
RtlIsNameLegalDOS8Dot3
RtlGetVersion
RtlValidSecurityDescriptor
KeReleaseSemaphore
RtlUpperChar
CcDeferWrite
IoWritePartitionTableEx
RtlInitUnicodeString
SeAssignSecurity
IoGetDeviceInterfaces
RtlGenerate8dot3Name
MmGetPhysicalAddress
MmLockPagableSectionByHandle
ExVerifySuite
RtlClearBits
RtlFindClearBitsAndSet
ZwOpenFile
CcGetFileObjectFromBcb
IoRaiseHardError
KeRemoveQueueDpc
KeInitializeApc
ExLocalTimeToSystemTime
KeDeregisterBugCheckCallback
KeSetEvent
IoGetCurrentProcess
RtlFindNextForwardRunClear
IoOpenDeviceRegistryKey
ZwDeleteValueKey
SeQueryAuthenticationIdToken
IoBuildSynchronousFsdRequest
FsRtlGetNextFileLock
ExAcquireResourceSharedLite
FsRtlIsTotalDeviceFailure
IoReadPartitionTableEx
ObOpenObjectByPointer
ZwEnumerateKey
ObMakeTemporaryObject
IoGetAttachedDeviceReference
IoSetDeviceInterfaceState
IoStartTimer
IoWMIRegistrationControl
DbgPrompt
ExUuidCreate
MmResetDriverPaging
RtlFindMostSignificantBit

Sections

.text
Size: 27KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa0350e283ac124f103c56e80e883758

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 27KB - Virtual size: 55KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 512B - Virtual size: 512B

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 294B

.data Size: 37KB - Virtual size: 37KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 684B

.text
Size: 27KB - Virtual size: 55KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 512B - Virtual size: 512B

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 294B

.data
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 684B