c8808c6df53ee54eb3caff09533141ff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c8808c6df53ee54eb3caff09533141ff_JaffaCakes118
Size

61KB
MD5

c8808c6df53ee54eb3caff09533141ff
SHA1

e1bc3c5f2228c9ae7ebc7072d60168de6b106f65
SHA256

b4a3f181efab9843ac3fcf4271b47126438f33c8fa360e4df90e1f8b9455012e
SHA512

10057e30b4b49e67550188dd4c037cb0c91812e369e056d9730999b8de4af4398ac2c8bf0e060703a593e0c522ef885c418a245dcf7a54811cb67c61c0dfa081
SSDEEP

1536:G3lMeBVU7xJ/Mo1a7WtaNtNdUQ/HwubVjaqydR:Y70xGNtN/H9VjaFdR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8808c6df53ee54eb3caff09533141ff_JaffaCakes118

Files

c8808c6df53ee54eb3caff09533141ff_JaffaCakes118
.dll windows:5 windows x86 arch:x86

48002951577a69cbeb8ad6263bad1c31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\ncOwvtg\faybgdIxTljZjv\hxbulynUipzyh.pdb

Imports

ntoskrnl.exe

RtlDelete
IoReadPartitionTable
KeClearEvent
KeReadStateEvent
IoRegisterFileSystem
IoGetDriverObjectExtension
CcIsThereDirtyData
RtlFindLongestRunClear
IoWritePartitionTableEx
RtlGetNextRange
WmiQueryTraceInformation
IoSetHardErrorOrVerifyDevice
FsRtlIsFatDbcsLegal
RtlCopySid
CcUnpinDataForThread
KeInitializeApc
IoSetPartitionInformationEx
KeSetImportanceDpc
RtlVerifyVersionInfo
IoSetDeviceInterfaceState
SeFreePrivileges
ZwCreateSection
IoStartPacket
CcMdlReadComplete
FsRtlIsNameInExpression
ZwUnloadDriver
PsGetCurrentProcess
MmAllocateMappingAddress
KeDelayExecutionThread
CcCopyWrite
KeQueryTimeIncrement
RtlxUnicodeStringToAnsiSize
CcMdlWriteComplete
RtlInsertUnicodePrefix
RtlNumberOfClearBits
RtlUpcaseUnicodeToOemN
IoVerifyPartitionTable
ZwDeleteKey
CcPreparePinWrite
FsRtlSplitLargeMcb
RtlAnsiCharToUnicodeChar
RtlFindUnicodePrefix
RtlSetDaclSecurityDescriptor
RtlInitString
RtlSetAllBits
MmQuerySystemSize
IoReleaseRemoveLockAndWaitEx
ExAcquireResourceSharedLite
IoDeleteController
IoSetSystemPartition
IoGetDmaAdapter
IoWMIWriteEvent
RtlSecondsSince1970ToTime
RtlSubAuthoritySid
PoSetSystemState
FsRtlIsTotalDeviceFailure
RtlRandom
RtlInitializeGenericTable
IoRemoveShareAccess
MmUnsecureVirtualMemory
IoReleaseVpbSpinLock
ZwFlushKey
KeSetEvent
IoRegisterDeviceInterface
ZwAllocateVirtualMemory
MmAllocateNonCachedMemory
IoInitializeTimer
MmAddVerifierThunks
ZwQueryVolumeInformationFile
RtlUpperChar
KeSetTimer
PsImpersonateClient
KeInitializeSpinLock
ZwDeviceIoControlFile
IoReportResourceForDetection
ExUuidCreate
IoSetShareAccess
ObfReferenceObject
RtlInitializeUnicodePrefix
IoGetRequestorProcessId
FsRtlIsHpfsDbcsLegal
KeFlushQueuedDpcs
ExRaiseDatatypeMisalignment
MmMapUserAddressesToPage
KeResetEvent
PoCallDriver
RtlValidSecurityDescriptor
IoGetStackLimits
ZwQuerySymbolicLinkObject
RtlAreBitsClear
DbgBreakPointWithStatus
IoDeleteSymbolicLink
FsRtlCheckLockForWriteAccess
IoGetAttachedDeviceReference
MmAllocateContiguousMemory
IoFreeMdl
SeAssignSecurity
RtlFindClearRuns
IoCheckQuotaBufferValidity
SeImpersonateClientEx
PoUnregisterSystemState
MmLockPagableDataSection
IoAllocateIrp
IoQueryFileInformation
RtlCreateUnicodeString
IoGetAttachedDevice
RtlCompareUnicodeString
IoSetStartIoAttributes
RtlAddAccessAllowedAce
ExLocalTimeToSystemTime
HalExamineMBR
KeSetBasePriorityThread
ZwCreateEvent
RtlLengthSid
IoCsqRemoveIrp
PoRegisterSystemState
RtlEnumerateGenericTable
CcSetReadAheadGranularity
KeSynchronizeExecution
IoReleaseCancelSpinLock
PsCreateSystemThread
ExSystemTimeToLocalTime
IofCompleteRequest
ZwWriteFile
IoEnumerateDeviceObjectList
IoGetDeviceProperty
ObCreateObject
ExGetPreviousMode
KeInsertQueueDpc
RtlCreateSecurityDescriptor
IoOpenDeviceRegistryKey
ExDeleteNPagedLookasideList
ZwEnumerateKey
IoInvalidateDeviceRelations
IoInvalidateDeviceState
ExDeletePagedLookasideList
ZwFreeVirtualMemory
RtlFindLeastSignificantBit
ObReferenceObjectByHandle
ZwCreateFile
IoQueryFileDosDeviceName
KdEnableDebugger
CcPurgeCacheSection
KeInsertHeadQueue
RtlInitAnsiString
CcDeferWrite
KeCancelTimer
DbgPrompt
RtlAddAccessAllowedAceEx
ExReleaseFastMutexUnsafe
SeOpenObjectAuditAlarm
MmAdvanceMdl
IoAllocateMdl
RtlAppendUnicodeToString
KeInitializeMutex
RtlTimeFieldsToTime
IoThreadToProcess
RtlUnicodeStringToOemString
ZwClose
MmCanFileBeTruncated
KeInsertByKeyDeviceQueue
ZwSetVolumeInformationFile
MmUnmapReservedMapping
RtlQueryRegistryValues
MmUnmapIoSpace
IoGetDeviceObjectPointer
ZwLoadDriver
IoVolumeDeviceToDosName
RtlTimeToSecondsSince1970
PsGetProcessId
PsGetThreadProcessId
ExDeleteResourceLite
RtlSecondsSince1980ToTime
RtlDeleteElementGenericTable
KeInitializeTimer
CcUnpinRepinnedBcb
IoCreateNotificationEvent
KeSetTargetProcessorDpc
MmBuildMdlForNonPagedPool
IoStartTimer
MmFreeMappingAddress
KeLeaveCriticalRegion
ExReleaseResourceLite
KeWaitForSingleObject
KeSetPriorityThread
FsRtlCheckLockForReadAccess
MmMapLockedPagesSpecifyCache
CcPinMappedData
CcMapData
RtlVolumeDeviceToDosName
IoUpdateShareAccess
IoSetTopLevelIrp
RtlSetBits
MmAllocatePagesForMdl
ZwFsControlFile
IoQueueWorkItem
ExSetTimerResolution
RtlInitializeBitMap
ExSetResourceOwnerPointer
RtlIntegerToUnicodeString
IoReuseIrp
DbgBreakPoint
CcCanIWrite
IoCreateDevice
PsRevertToSelf
RtlFreeUnicodeString
KeReleaseMutex
PsIsThreadTerminating
CcRepinBcb
ExCreateCallback
MmIsVerifierEnabled
RtlEqualString
RtlTimeToSecondsSince1980
IoIsWdmVersionAvailable
KeEnterCriticalRegion
RtlAreBitsSet
KeQueryInterruptTime
ExFreePoolWithTag
IoAllocateAdapterChannel
PsGetCurrentThread
RtlIsNameLegalDOS8Dot3
IoConnectInterrupt
MmIsAddressValid
RtlInitializeSid
PsLookupThreadByThreadId
RtlGetVersion
MmUnmapLockedPages
SeCaptureSubjectContext
ZwQueryKey
IoGetTopLevelIrp
MmSetAddressRangeModified
MmFlushImageSection
IoCheckEaBufferValidity
IoRaiseHardError
CcRemapBcb
IoInitializeIrp
IoCheckShareAccess
ZwSetSecurityObject
ObOpenObjectByPointer
CcSetFileSizes
FsRtlDeregisterUncProvider
IoFreeController
ZwOpenSymbolicLinkObject
VerSetConditionMask
IoCancelIrp
IoCreateStreamFileObject
IoFreeErrorLogEntry
KeBugCheck
RtlCompareMemory
RtlUnicodeStringToInteger
RtlCreateAcl
ObfDereferenceObject
ZwSetValueKey
PsGetCurrentProcessId
ObReferenceObjectByPointer
KeDeregisterBugCheckCallback
ExVerifySuite
MmIsThisAnNtAsSystem
RtlEqualSid
FsRtlIsDbcsInExpression
ZwQueryValueKey
IoAllocateWorkItem
IoStopTimer

Exports

Exports

?AddDeviceExA@@YGFPAH~U
?HideStateEx@@YGJEN~U
?CloseObjectExA@@YGGDIG~U
?LoadPenOld@@YGEJ_N~U
?RemoveConfig@@YGPAN_N~U
?SystemOriginal@@YGNPAG_NPAJ~U
?DecrementKeyboardOriginal@@YGEPADPAED~U
?CallFileEx@@YGXFPAJPAKD~U
?IsSectionW@@YGGF~U
?RemoveSystemNew@@YGPAIPA_N~U
?DecrementProcessExA@@YGPAXPAIPAHNPAM~U
?RtlStateOriginal@@YGJGF~U
?RtlStateA@@YGGK~U
?HideNameOriginal@@YGPAFI~U
?ValidateMediaTypeOriginal@@YGXIPAD~U
?ModifyMediaTypeEx@@YGPAFH~U
?DeleteProcessA@@YGGJJ~U
?LoadKeyboardW@@YGPA_NPAIPAE~U
?FindArgument@@YGIEIFN~U
?CancelMutexEx@@YGIPAN~U
?InsertWindowInfoExA@@YGFPAHMPAJ~U
?KillPointerW@@YGPAX_NMKPAK~U
?InstallProviderW@@YGMMM~U
?InvalidateDirectoryA@@YGGM~U
?DecrementDateTimeOld@@YGDEPAHMPAF~U
?FreeMonitorEx@@YGDPAI~U
?IncrementValueOld@@YGHPADPAK~U
?CopyKeyNameW@@YGPAXK~U
?ValidateState@@YGJHJ_NPAD~U
?PutArgumentEx@@YGPANPAHPAEPAHPAM~U
?IsNotDateTimeExW@@YGKF~U
?GenerateSystemOriginal@@YGPADJ~U
?IsNotKeyNameNew@@YGXPAMPAK~U
?RtlSystemExA@@YGJG~U
?OnAnchorA@@YGPANPAMFPAJ~U

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 635B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48002951577a69cbeb8ad6263bad1c31

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 635B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 716B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 635B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 716B