bf4dbba2ee84ba1ce6b7c7a3ff946e8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf4dbba2ee84ba1ce6b7c7a3ff946e8c_JaffaCakes118
Size

444KB
MD5

bf4dbba2ee84ba1ce6b7c7a3ff946e8c
SHA1

846e6be52a76810043faad00ccf5726ebbe10b5d
SHA256

59d006af864803d5bf7c6bd09cb89b8dd5d27f36bccc77e9acef2cffb9907181
SHA512

e68710bff162b7a430f64c6e7a774e9883dd0501bc43f63ca1eb06595650f3c95d455504fe55d6bbeaf10051f96c335fa819d73e45207719e7021d475c97628b
SSDEEP

6144:vWFjzenJItn8ofukweiDzoikQNgV2NypcrzM09UEORrvNO2JnV1vF5pOWRRW9r3R:vWFHean8uweiDXi+ypc59fcFan9xK7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf4dbba2ee84ba1ce6b7c7a3ff946e8c_JaffaCakes118

Files

bf4dbba2ee84ba1ce6b7c7a3ff946e8c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

322ddfb2feb91784123b4cb3423bb380

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\ylWgxjJWVOaw\Bmkrodzc\iumnTCsWas\uipViBbUwkwaRd.pdb

Imports

ntoskrnl.exe

CcPinMappedData
RtlxOemStringToUnicodeSize
ExFreePoolWithTag
KeSetKernelStackSwapEnable
RtlUnicodeToOemN
RtlFindLeastSignificantBit
RtlCheckRegistryKey
RtlTimeToSecondsSince1970
RtlUpcaseUnicodeToOemN
IofCompleteRequest
IoGetStackLimits
ZwQueryInformationFile
PoCallDriver
RtlEnumerateGenericTable
MmIsDriverVerifying
RtlCopyUnicodeString
IoCreateDevice
ZwCreateFile
RtlCreateUnicodeString
PsReferencePrimaryToken
KeInitializeDpc
CcMdlRead
IoVolumeDeviceToDosName
RtlEqualUnicodeString
RtlGetNextRange
KeDelayExecutionThread
KeRemoveByKeyDeviceQueue
RtlGetVersion
FsRtlCheckLockForReadAccess
KePulseEvent
KeReadStateTimer
ObMakeTemporaryObject
KeSynchronizeExecution
CcMdlWriteAbort
IoVerifyVolume
FsRtlAllocateFileLock
RtlVerifyVersionInfo
SeImpersonateClientEx
PsGetCurrentThreadId
IoCheckEaBufferValidity
MmIsAddressValid
RtlIsNameLegalDOS8Dot3
CcPurgeCacheSection
MmIsVerifierEnabled
KeWaitForMultipleObjects
PsTerminateSystemThread
RtlxAnsiStringToUnicodeSize
CcSetBcbOwnerPointer
KeDetachProcess
RtlSetDaclSecurityDescriptor
IoEnumerateDeviceObjectList
RtlCompareMemory
MmGetSystemRoutineAddress
ZwQuerySymbolicLinkObject
VerSetConditionMask
ZwOpenKey
RtlValidSid
IoInvalidateDeviceRelations
MmQuerySystemSize
RtlFindClearBits
ZwDeleteKey
KeSetTargetProcessorDpc
MmMapIoSpace
IoCheckQuotaBufferValidity
RtlMapGenericMask
MmUnmapLockedPages
FsRtlNotifyInitializeSync
KeSetSystemAffinityThread
PsDereferencePrimaryToken
ObReferenceObjectByPointer
RtlFindSetBits
IoSetDeviceInterfaceState
RtlCreateAcl
KeQueryInterruptTime
IoIsSystemThread
RtlInt64ToUnicodeString
IoGetTopLevelIrp
CcFastCopyRead
PsGetCurrentThread
SeDeleteObjectAuditAlarm
IoBuildPartialMdl
ObGetObjectSecurity
RtlQueryRegistryValues
IoWriteErrorLogEntry
CcMapData
RtlFreeOemString
ObOpenObjectByPointer
CcCanIWrite
CcSetFileSizes
FsRtlMdlWriteCompleteDev
RtlOemToUnicodeN
RtlCopySid
KeSetImportanceDpc
PsGetVersion
RtlExtendedIntegerMultiply
KeQueryTimeIncrement
MmLockPagableSectionByHandle
RtlGUIDFromString
IoReleaseRemoveLockAndWaitEx
RtlSplay
FsRtlLookupLastLargeMcbEntry
ExRaiseAccessViolation
ZwEnumerateKey
IoStartPacket
SePrivilegeCheck
MmProbeAndLockPages
IoInitializeRemoveLockEx
ZwDeleteValueKey
IoGetRelatedDeviceObject
RtlFindUnicodePrefix
FsRtlSplitLargeMcb
MmForceSectionClosed
PsGetProcessId
RtlWriteRegistryValue
FsRtlIsNameInExpression
RtlInitializeUnicodePrefix
IoReportDetectedDevice
ZwFreeVirtualMemory
IoDeleteSymbolicLink
ExSystemTimeToLocalTime
SeSetSecurityDescriptorInfo
KeInitializeSemaphore
CcFastCopyWrite
ExGetSharedWaiterCount
SeQueryInformationToken
RtlInitAnsiString
RtlRandom
IoReadPartitionTableEx
MmUnlockPages
FsRtlIsTotalDeviceFailure
ZwCreateSection
IoGetDiskDeviceObject
KeUnstackDetachProcess
RtlInitializeSid
FsRtlIsFatDbcsLegal
DbgPrompt
IoQueueWorkItem
RtlInitUnicodeString
KeSaveFloatingPointState
ZwNotifyChangeKey
RtlCreateSecurityDescriptor
RtlIntegerToUnicodeString
IoFreeWorkItem
RtlLengthRequiredSid
RtlDeleteElementGenericTable
PsGetThreadProcessId
ObInsertObject
IoGetRequestorProcess
FsRtlGetNextFileLock
CcIsThereDirtyData
RtlFindMostSignificantBit
MmIsThisAnNtAsSystem
PoSetPowerState
IoRaiseHardError
ZwCreateEvent
IoIsOperationSynchronous
KeRundownQueue
RtlUpcaseUnicodeChar
FsRtlCheckOplock
ZwReadFile
ExVerifySuite
RtlCreateRegistryKey
IoBuildSynchronousFsdRequest
PsIsThreadTerminating
RtlCharToInteger
CcZeroData
RtlFreeAnsiString
IoAllocateWorkItem
RtlPrefixUnicodeString
PoUnregisterSystemState
IoCheckShareAccess
MmAdvanceMdl
MmMapUserAddressesToPage
MmProbeAndLockProcessPages
RtlSubAuthoritySid
IoAcquireVpbSpinLock
PsLookupProcessByProcessId
ExUuidCreate
PsSetLoadImageNotifyRoutine
ExAcquireResourceSharedLite
ObfDereferenceObject
RtlTimeFieldsToTime
ZwWriteFile
RtlEqualString
KeAttachProcess
HalExamineMBR
MmFreeMappingAddress
MmAllocateMappingAddress
ExInitializeResourceLite
KeSetTimerEx
ZwOpenProcess
RtlInitString
PsReturnPoolQuota
MmSizeOfMdl
SeLockSubjectContext
RtlDeleteNoSplay
RtlSecondsSince1970ToTime
IoGetRequestorProcessId
IoIsWdmVersionAvailable
KeLeaveCriticalRegion
ExLocalTimeToSystemTime
RtlUnicodeStringToOemString
IoConnectInterrupt
RtlDeleteRegistryValue
IoSetHardErrorOrVerifyDevice
KeReadStateSemaphore
ObQueryNameString
CcInitializeCacheMap
ExDeleteNPagedLookasideList
RtlLengthSid
IoGetDeviceObjectPointer
SeQueryAuthenticationIdToken
RtlUpperString
RtlEqualSid
IoSetPartitionInformation
ExReleaseResourceLite
IoGetDriverObjectExtension
RtlxUnicodeStringToAnsiSize
IoSetSystemPartition
RtlAppendUnicodeToString
CcUnpinDataForThread
MmFreePagesFromMdl
RtlDelete
IoAllocateMdl
IoSetPartitionInformationEx
KeRemoveDeviceQueue
MmFreeNonCachedMemory
KeQueryActiveProcessors
KeInsertHeadQueue
KeFlushQueuedDpcs
SeDeassignSecurity
PoRequestPowerIrp
RtlFindClearRuns
KeSetPriorityThread
IoGetLowerDeviceObject
KefAcquireSpinLockAtDpcLevel
PsChargeProcessPoolQuota
IoReadPartitionTable
RtlUnicodeToMultiByteN
PsCreateSystemThread
IoDeleteDevice
IoReleaseVpbSpinLock
MmPageEntireDriver
IoCreateDisk
IoGetDeviceInterfaces
PsRevertToSelf
CcDeferWrite
SeAppendPrivileges
SeTokenIsAdmin
ExDeleteResourceLite
RtlClearAllBits
IoReleaseCancelSpinLock
IoAllocateErrorLogEntry
IoFreeErrorLogEntry
IoAllocateIrp
ExSetTimerResolution
KeRegisterBugCheckCallback
PsGetCurrentProcess
ZwSetSecurityObject
CcSetDirtyPinnedData

Exports

Exports

?DecrementPointerExA@@YGJPAKME&U
?CopyMessageOriginal@@YGMGH&U
?FindDataW@@YGPAXPAFEHPA_N&U
?IncrementSystemOld@@YGJMF&U
?FormatTimeOriginal@@YGHJIJ&U
?InvalidateHeightOld@@YGHPAGI&U
?HideDateTimeNew@@YGDE&U
?InvalidatePointerOld@@YGPAIMHPAJG&U
?GenerateDeviceA@@YGXHPANE&U
?IsWindowEx@@YGXIEPAJH&U
?InstallFolderExW@@YGXIPAFF_N&U
?CloseMessageW@@YGDG&U
?SetArgument@@YGPAJPAE&U
?InstallMutexOld@@YGIPAM&U
?RtlEventOriginal@@YGJDG&U
?CallWindowW@@YGIPAFPAKJF&U
?CloseDateW@@YGNGHF&U
?ModifyObjectExW@@YGXK&U
?InvalidateWindowInfoOriginal@@YGEMKK&U
?CrtData@@YGPAFJFJK&U
?ShowComponentOriginal@@YGPAXPAF&U
?WindowNew@@YGPAKIPAE&U
?GetMemoryNew@@YGKPAIKMD&U
?GlobalSectionEx@@YGJN&U
?EnumDateExA@@YGPAHF&U
?InvalidateAppNameExA@@YGPADPAKPAH&U
?DeleteFolderPathOld@@YGGPAHGI&U
?ValidateTaskEx@@YG_NPAIPAM&U
?InstallNameNew@@YGMPAI&U
?SendFullNameOriginal@@YGMJPAF&U
?ModifyPen@@YGMPA_NPAJ&U
?CancelKeyNameNew@@YGIJFG&U
?CloseObjectA@@YGPAKH&U
?ValidateKeyName@@YG_NDMNG&U
?GetWidth@@YGEPAFIH_N&U
?ModifyDialog@@YGDPAHF&U
?GenerateWindowInfoEx@@YGXPAEDKJ&U
?PutConfig@@YGPAFJHJ&U
?MediaTypeA@@YGPAMHIJK&U

Sections

.text
Size: 29KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

322ddfb2feb91784123b4cb3423bb380

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 53KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 2KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 353B

.data Size: 37KB - Virtual size: 36KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 688B

.text
Size: 29KB - Virtual size: 53KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 2KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 353B

.data
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 688B