bc22fba565ffb0a2df2d1e4950011996_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc22fba565ffb0a2df2d1e4950011996_JaffaCakes118
Size

135KB
MD5

bc22fba565ffb0a2df2d1e4950011996
SHA1

2a266dd9b524347fe28228a321cbabb19b158694
SHA256

8fa9aa1e7d4f6455f7f0eb506f136ce5d3bdb0350ae581c818e1d6f8affcd6c7
SHA512

67870ba85c7f236b2ec4e1b809914fd8fb617ec5d28b2445727c5fad731e80a91c965d3073885bb72244c93e9c1a92fc85c67ce2b48aa1fa7818ca55340a3bdf
SSDEEP

3072:KYHo9LX0rZsWvpUSdN7E76VuLFUSfSEp:94X0dnRgVLa7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc22fba565ffb0a2df2d1e4950011996_JaffaCakes118

Files

bc22fba565ffb0a2df2d1e4950011996_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ebd859b0d9e17adbf2805a89b68d785a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\JptpqejfQAZadY\fnYgbaSVpZ\vpYaPws\etxokbmeoArlQ\AIRNuocI.pdb

Imports

ntoskrnl.exe

PoRegisterSystemState
CcInitializeCacheMap
KeReadStateTimer
RtlDelete
IoAcquireCancelSpinLock
KeQueryInterruptTime
SeQueryInformationToken
KeSetKernelStackSwapEnable
IoThreadToProcess
RtlVolumeDeviceToDosName
RtlQueryRegistryValues
PsTerminateSystemThread
PsIsThreadTerminating
FsRtlIsHpfsDbcsLegal
RtlExtendedIntegerMultiply
IoCheckShareAccess
RtlVerifyVersionInfo
KeQueryActiveProcessors
RtlPrefixUnicodeString
IoGetCurrentProcess
MmAllocateContiguousMemory
IoGetDeviceObjectPointer
IoGetRelatedDeviceObject
IoIsSystemThread
KeReleaseMutex
MmIsAddressValid
SeTokenIsRestricted
MmQuerySystemSize
ExRegisterCallback
KeBugCheckEx
RtlUpcaseUnicodeString
RtlUnicodeToOemN
RtlCheckRegistryKey
RtlCreateRegistryKey
PsGetProcessId
KeReleaseSemaphore
MmFreeContiguousMemory
ExVerifySuite
ZwClose
CcPinMappedData
RtlFindLastBackwardRunClear
IoAllocateMdl
ExFreePool
PsImpersonateClient
IoAcquireVpbSpinLock
IoFreeMdl
IoSetDeviceToVerify
RtlDeleteElementGenericTable
RtlEqualUnicodeString
RtlInitializeUnicodePrefix
CcMdlReadComplete
KeRundownQueue
CcGetFileObjectFromBcb
FsRtlCheckOplock
ZwLoadDriver
ExUuidCreate
RtlFindSetBits
IoWritePartitionTableEx
RtlUpcaseUnicodeToOemN
RtlValidSecurityDescriptor
CcCopyWrite
ZwQueryVolumeInformationFile
MmProbeAndLockPages
KeEnterCriticalRegion
SeDeassignSecurity
PoRequestPowerIrp
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
KeSetSystemAffinityThread
RtlCopySid
RtlSecondsSince1980ToTime
CcMapData
RtlUpperString
RtlFreeAnsiString
IoSetPartitionInformationEx
KeCancelTimer
IoStartPacket
KeWaitForSingleObject
MmAddVerifierThunks
RtlClearBits
RtlTimeFieldsToTime
KeBugCheck
RtlAnsiStringToUnicodeString
SeAssignSecurity
MmUnlockPagableImageSection
RtlInitAnsiString
MmUnmapIoSpace
CcPinRead
RtlNumberOfClearBits
PoCallDriver
IoCheckQuotaBufferValidity
SeDeleteObjectAuditAlarm
KeSaveFloatingPointState
IoGetAttachedDevice
IoDetachDevice
MmCanFileBeTruncated
PsGetVersion
KeStackAttachProcess
KeInitializeMutex
IoReportResourceForDetection
IoRegisterFileSystem
RtlCreateUnicodeString
IoCreateNotificationEvent
KeClearEvent
RtlFindLeastSignificantBit
FsRtlLookupLastLargeMcbEntry
RtlInitUnicodeString
RtlCopyUnicodeString
RtlLengthSid
DbgBreakPoint
ObMakeTemporaryObject
CcUnpinData
ExGetPreviousMode
RtlAnsiCharToUnicodeChar
CcSetFileSizes
KeSynchronizeExecution
RtlRemoveUnicodePrefix
IoGetRequestorProcessId
RtlLengthRequiredSid
RtlDowncaseUnicodeString
ZwSetValueKey
IoDeleteDevice
SeReleaseSubjectContext
IoSetShareAccess
RtlFreeOemString
MmUnlockPages
MmUnmapReservedMapping
KeReadStateSemaphore
RtlTimeToSecondsSince1970
CcSetDirtyPinnedData
ObGetObjectSecurity
MmIsDriverVerifying
IoUpdateShareAccess
KeDelayExecutionThread
ZwCreateSection
KePulseEvent
RtlAddAccessAllowedAce
ZwReadFile
IoRaiseHardError
RtlIsNameLegalDOS8Dot3
RtlEqualSid
RtlSplay
ExUnregisterCallback
IoVerifyVolume
KeRestoreFloatingPointState
MmPageEntireDriver
RtlxUnicodeStringToAnsiSize
RtlUnicodeToMultiByteN
KeResetEvent
MmGetPhysicalAddress
IoQueryFileInformation
SeCreateClientSecurity
DbgBreakPointWithStatus
ZwEnumerateKey
KeInitializeTimer
ZwCreateEvent
PsDereferencePrimaryToken
ObCreateObject
FsRtlCheckLockForReadAccess
KeSetTargetProcessorDpc
IoSetDeviceInterfaceState
IoGetDmaAdapter
IoStartTimer
ZwQueryKey
SeValidSecurityDescriptor
RtlTimeToTimeFields
KeRemoveEntryDeviceQueue
ZwDeviceIoControlFile
RtlLengthSecurityDescriptor
IoQueueWorkItem
KeDeregisterBugCheckCallback
ExInitializeResourceLite
ExNotifyCallback
IoBuildSynchronousFsdRequest
RtlCopyLuid
MmIsThisAnNtAsSystem
RtlFindNextForwardRunClear
ExSystemTimeToLocalTime
RtlAppendUnicodeToString
CcUninitializeCacheMap
PsLookupProcessByProcessId
ZwOpenFile
KeReadStateMutex
ZwFsControlFile
PsGetCurrentThread
ZwQueryInformationFile
IoWriteErrorLogEntry
IoAllocateAdapterChannel
IoAllocateIrp
KeRegisterBugCheckCallback
RtlInitializeBitMap
RtlUnicodeStringToOemString
IoCreateStreamFileObjectLite
ZwNotifyChangeKey
RtlTimeToSecondsSince1980
ZwCreateKey
RtlRandom
CcCopyRead
RtlUnicodeStringToInteger
IoRequestDeviceEject
IoUnregisterFileSystem
KeInsertQueueDpc
FsRtlIsNameInExpression
ZwOpenSymbolicLinkObject
IoInvalidateDeviceRelations
ObReferenceObjectByPointer
MmUnsecureVirtualMemory
MmFreeMappingAddress
RtlSubAuthoritySid
MmGetSystemRoutineAddress
RtlCompareUnicodeString
PsReturnPoolQuota
PoSetSystemState
KeInitializeSpinLock
CcPreparePinWrite
ZwEnumerateValueKey
RtlFindClearRuns
DbgPrompt
ExDeletePagedLookasideList
RtlAppendStringToString
RtlIntegerToUnicodeString
KeRemoveDeviceQueue
MmAllocateMappingAddress
MmIsVerifierEnabled
ExIsProcessorFeaturePresent
KeInitializeDpc
RtlDeleteRegistryValue
ZwAllocateVirtualMemory
ExAcquireResourceSharedLite
IoSetPartitionInformation
RtlAreBitsSet
IoWMIRegistrationControl
RtlDeleteNoSplay
IoDeleteController
PoSetPowerState
ZwOpenSection
RtlGetNextRange
KeInitializeSemaphore
SeAccessCheck
SeTokenIsAdmin
ObReleaseObjectSecurity
KeInitializeApc
ExRaiseDatatypeMisalignment
FsRtlNotifyInitializeSync
FsRtlIsDbcsInExpression
ZwQuerySymbolicLinkObject
SeImpersonateClientEx
MmSecureVirtualMemory
IoReleaseRemoveLockAndWaitEx
ZwCreateFile
KeFlushQueuedDpcs
ExReleaseResourceLite
IoSetHardErrorOrVerifyDevice
ZwWriteFile
ExFreePoolWithTag
KeSetEvent
KeRevertToUserAffinityThread
RtlSetAllBits
MmSizeOfMdl
CcSetBcbOwnerPointer

Exports

Exports

?IncrementValueW@@IJJHME@X

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebd859b0d9e17adbf2805a89b68d785a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 61KB - Virtual size: 61KB

.init Size: - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 1024B - Virtual size: 520B

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 61KB - Virtual size: 61KB

.init
Size: - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 1024B - Virtual size: 520B