c1c1871f04334d56d7343828117f8aca_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c1c1871f04334d56d7343828117f8aca_JaffaCakes118
Size

73KB
MD5

c1c1871f04334d56d7343828117f8aca
SHA1

b1626f12495cd5c6b679faa2aa83e855395ce669
SHA256

0b7c616a4ee43a884dc82d44521ef7cc9024cf22d7203aa012bd7f30415572fe
SHA512

385dd0dc470844da7f5cd0ce8eb8a236a2f90b2f9c398206fb8b983dae5e3bd91320f7fc86e84465d028a58167b9b5ab106d3e0800916476675cfe2da9d10f4d
SSDEEP

1536:0T32K6i5d9pulqQFhFAm1AkxiJWDXvBZFGe4f4G:0dL2VVfcWDBT44G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1c1871f04334d56d7343828117f8aca_JaffaCakes118

Files

c1c1871f04334d56d7343828117f8aca_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a7b38ad19a41b7065b120e547877b5e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\jUUgBmeiEAJitB\gygIuEp\eujjOnBwzLh.pdb

Imports

ntoskrnl.exe

IoUnregisterFileSystem
ZwOpenKey
ZwLoadDriver
SeAppendPrivileges
RtlInitString
RtlInsertUnicodePrefix
IoGetCurrentProcess
FsRtlIsNameInExpression
CcMdlRead
MmAllocateMappingAddress
IoUpdateShareAccess
MmUnlockPagableImageSection
KeAttachProcess
PsImpersonateClient
ZwFsControlFile
KeRundownQueue
FsRtlNotifyInitializeSync
IoAllocateErrorLogEntry
KeInitializeDeviceQueue
KeSetTimer
RtlWriteRegistryValue
RtlEqualString
KeInsertQueueDpc
CcFastMdlReadWait
IoSetDeviceInterfaceState
PoStartNextPowerIrp
SeReleaseSubjectContext
IoSetDeviceToVerify
IoCsqRemoveIrp
RtlDeleteRegistryValue
ZwSetSecurityObject
CcInitializeCacheMap
MmUnsecureVirtualMemory
IoQueryFileDosDeviceName
IoAllocateMdl
ObOpenObjectByPointer
ExSetTimerResolution
IoRegisterDeviceInterface
ObInsertObject
KeSetTargetProcessorDpc
KeReleaseMutex
SeFilterToken
ExGetExclusiveWaiterCount
IoGetRelatedDeviceObject
KeRemoveEntryDeviceQueue
ZwQueryInformationFile
RtlAnsiStringToUnicodeString
ExAllocatePoolWithQuota
FsRtlDeregisterUncProvider
RtlClearBits
PsGetCurrentThreadId
RtlLengthRequiredSid
RtlOemToUnicodeN
ZwPowerInformation
RtlTimeToSecondsSince1970
RtlNtStatusToDosError
SeImpersonateClientEx
RtlInitUnicodeString
KeUnstackDetachProcess
IoAcquireVpbSpinLock
ExRaiseDatatypeMisalignment
KeReadStateMutex
ZwOpenProcess
ObReferenceObjectByPointer
IoRequestDeviceEject
ExDeletePagedLookasideList
RtlCreateSecurityDescriptor
RtlUpcaseUnicodeChar
PsRevertToSelf
ExSystemTimeToLocalTime
ProbeForRead
KeInitializeEvent
IoGetDriverObjectExtension
CcRepinBcb
ZwCreateFile
ZwWriteFile
MmCanFileBeTruncated
IofCompleteRequest
ZwDeleteValueKey
MmUnmapIoSpace
KeFlushQueuedDpcs
CcFastCopyWrite
FsRtlFreeFileLock
RtlxUnicodeStringToAnsiSize
PsReferencePrimaryToken
PoRequestPowerIrp
SeSetSecurityDescriptorInfo
RtlUpperString
KeSetTimerEx
SeOpenObjectAuditAlarm
MmAddVerifierThunks
RtlStringFromGUID
RtlVolumeDeviceToDosName
SeDeleteObjectAuditAlarm
FsRtlCheckOplock
MmGetSystemRoutineAddress
RtlCopySid
ExNotifyCallback
MmFreePagesFromMdl
RtlClearAllBits
ExInitializeResourceLite
IoGetRequestorProcess
HalExamineMBR
MmUnmapReservedMapping
RtlIntegerToUnicodeString
IoFreeController
RtlSubAuthoritySid
RtlFindLongestRunClear
KeSynchronizeExecution
SeQueryInformationToken
MmMapIoSpace
MmIsThisAnNtAsSystem
RtlExtendedIntegerMultiply
CcIsThereDirtyData
KeInitializeTimerEx
ExVerifySuite
MmSetAddressRangeModified
RtlCreateUnicodeString
RtlOemStringToUnicodeString
ZwQueryVolumeInformationFile
IoAcquireCancelSpinLock
MmFreeContiguousMemory
IoDisconnectInterrupt
CcPreparePinWrite
RtlFindClearBits
IoMakeAssociatedIrp
IoCreateDevice
PoUnregisterSystemState
KeReleaseSemaphore
ExRegisterCallback
RtlInitializeBitMap
FsRtlCheckLockForWriteAccess
ObfDereferenceObject
ObReferenceObjectByHandle
KdEnableDebugger
RtlAppendStringToString
DbgPrompt
KeEnterCriticalRegion
KeRemoveQueueDpc
PsCreateSystemThread
RtlUnicodeStringToInteger
KeRemoveByKeyDeviceQueue
RtlIsNameLegalDOS8Dot3
ZwOpenFile
RtlDeleteElementGenericTable
ExLocalTimeToSystemTime
KeWaitForMultipleObjects
FsRtlIsTotalDeviceFailure
IoQueryDeviceDescription
RtlGUIDFromString
RtlCopyUnicodeString
IoCancelIrp
PsGetProcessExitTime
MmAllocatePagesForMdl
KeDetachProcess
RtlHashUnicodeString
IoInitializeIrp
RtlRemoveUnicodePrefix
RtlQueryRegistryValues
RtlFreeOemString
RtlInitializeSid
SeCreateClientSecurity
CcPinRead
SeSinglePrivilegeCheck
KeInitializeTimer
MmFreeNonCachedMemory
KeInsertHeadQueue
KeDelayExecutionThread
ZwCreateKey
ObfReferenceObject
MmHighestUserAddress
RtlUpperChar
RtlCompareMemory
SeValidSecurityDescriptor
CcUnpinData
KeQueryInterruptTime
RtlMapGenericMask
IoAllocateWorkItem
RtlInitializeUnicodePrefix
KeRemoveDeviceQueue
KeSetSystemAffinityThread
CcPurgeCacheSection
RtlDelete
FsRtlIsHpfsDbcsLegal
SePrivilegeCheck
RtlNumberOfClearBits
IofCallDriver
IoDeleteDevice
CcUnpinRepinnedBcb
CcUnpinDataForThread
MmProbeAndLockPages
IoGetDeviceAttachmentBaseRef
RtlFindSetBits
ZwSetVolumeInformationFile
KeRemoveQueue
RtlUnicodeStringToAnsiString
CcSetDirtyPinnedData
ExReinitializeResourceLite
ExAcquireResourceSharedLite
IoReleaseVpbSpinLock
KeDeregisterBugCheckCallback
ExAllocatePoolWithQuotaTag
KeSetBasePriorityThread
IoGetDeviceProperty
FsRtlCheckLockForReadAccess
KeInitializeSpinLock
MmFreeMappingAddress
PsSetLoadImageNotifyRoutine
IoSetTopLevelIrp
KeGetCurrentThread
KeInsertByKeyDeviceQueue
PoCallDriver
MmQuerySystemSize
RtlLengthSecurityDescriptor
IoStartPacket
IoConnectInterrupt
CcSetReadAheadGranularity
ObCreateObject
KeRegisterBugCheckCallback
ExFreePoolWithTag
PsChargeProcessPoolQuota
IoCreateSynchronizationEvent
PoRegisterSystemState
IoReadDiskSignature
IoRemoveShareAccess
KeLeaveCriticalRegion
IoCheckQuotaBufferValidity
IoCreateStreamFileObject
IoReleaseCancelSpinLock
KeQuerySystemTime
IoVerifyVolume
RtlEqualSid
IoFreeIrp
RtlFindClearRuns
MmIsDriverVerifying
ZwDeviceIoControlFile
ZwEnumerateValueKey
PsGetThreadProcessId
ZwCreateDirectoryObject
KeRevertToUserAffinityThread
RtlGenerate8dot3Name
IoQueryFileInformation
SeTokenIsAdmin
RtlVerifyVersionInfo
RtlCopyString
ObQueryNameString
ZwSetValueKey
KdDisableDebugger
PsLookupProcessByProcessId
RtlSetBits
CcCanIWrite
RtlDeleteNoSplay
KeInitializeQueue
ZwMakeTemporaryObject
CcGetFileObjectFromBcb
RtlUnicodeStringToOemString
FsRtlLookupLastLargeMcbEntry
CcSetFileSizes
KeCancelTimer

Exports

Exports

?SendSizeW@@YGMFM<V
?FormatArgumentNew@@YGXPAK<V
?InvalidateThreadExW@@YGPAGGNPAEPAD<V
?ShowClassNew@@YGPAGF<V
?ShowHeightExA@@YGFPAFHEPAI<V
?CopyClassW@@YGDPAM<V

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7b38ad19a41b7065b120e547877b5e6

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 10KB - Virtual size: 37KB

.reloc Size: 1024B - Virtual size: 792B

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 10KB - Virtual size: 37KB

.reloc
Size: 1024B - Virtual size: 792B