d34a6694454d440667601efa02541579_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d34a6694454d440667601efa02541579_JaffaCakes118
Size

76KB
MD5

d34a6694454d440667601efa02541579
SHA1

1d668c76c3509f3f8191982afb492cc297e525df
SHA256

b31bee5dc304f648069bba0b40be9d2fb99a488493f61b22072bbffbd9e323f3
SHA512

3b189a18a895c3cad4562a6589faf4f5e3fa2254b7336a767f2aed7b84b39098652bbbbc95ec6aa23aa8f1b4f75fff0fe9165c077b165a339a48c6bf1124987f
SSDEEP

1536:Uxkk0z2Y09YjhpGUF3AaWwuNK2wbThZ33nvalt1R:ptWc/nENKdPilt1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d34a6694454d440667601efa02541579_JaffaCakes118

Files

d34a6694454d440667601efa02541579_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a111ef75405b5c034bdb8a4a2126f7a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\slryfjK\tgabzVoNhcig\nBmENzc\TmQpmdwbytf\lqvKzjXc.pdb

Imports

ntoskrnl.exe

DbgBreakPointWithStatus
KeQuerySystemTime
ZwCreateEvent
IoGetDiskDeviceObject
ExDeleteResourceLite
IoGetLowerDeviceObject
RtlMultiByteToUnicodeN
CcCanIWrite
SeFreePrivileges
KefAcquireSpinLockAtDpcLevel
IofCompleteRequest
PsDereferencePrimaryToken
RtlCompareMemory
SeQueryAuthenticationIdToken
MmGetSystemRoutineAddress
KeRemoveByKeyDeviceQueue
KePulseEvent
RtlAddAccessAllowedAceEx
KeInitializeQueue
RtlRandom
ZwMapViewOfSection
ZwQuerySymbolicLinkObject
ObReferenceObjectByPointer
RtlUpperString
ExAllocatePoolWithQuotaTag
RtlLengthSecurityDescriptor
FsRtlDeregisterUncProvider
ProbeForWrite
CcMdlWriteAbort
ExAllocatePoolWithTag
IoGetDeviceAttachmentBaseRef
KeReadStateTimer
RtlInitializeGenericTable
MmGetPhysicalAddress
RtlDelete
RtlClearAllBits
IoAllocateController
MmPageEntireDriver
MmIsDriverVerifying
IoAllocateAdapterChannel
RtlTimeFieldsToTime
IoOpenDeviceRegistryKey
PsGetCurrentThread
CcGetFileObjectFromBcb
MmProbeAndLockPages
RtlGetCallersAddress
RtlCopyUnicodeString
ExAcquireFastMutexUnsafe
RtlCopyLuid
IoDisconnectInterrupt
IoFreeController
SeSetSecurityDescriptorInfo
IoSetDeviceInterfaceState
IoThreadToProcess
RtlInitializeBitMap
ZwOpenSection
ZwQueryVolumeInformationFile
SeDeassignSecurity
RtlFindClearBits
IoSetDeviceToVerify
SeAccessCheck
ZwClose
IoEnumerateDeviceObjectList
KeRevertToUserAffinityThread
IoReuseIrp
RtlLengthRequiredSid
KeAttachProcess
DbgBreakPoint
ExAllocatePoolWithQuota
FsRtlFreeFileLock
IoSetShareAccess
RtlTimeToTimeFields
KeGetCurrentThread
IoAllocateIrp
IoGetAttachedDeviceReference
KeQueryInterruptTime
IoCheckQuotaBufferValidity
PsCreateSystemThread
ZwFreeVirtualMemory
FsRtlGetNextFileLock
PoCallDriver
ZwUnloadDriver
IoGetAttachedDevice
MmLockPagableDataSection
PsGetThreadProcessId
PsChargeProcessPoolQuota
KeReadStateSemaphore
IoRaiseHardError
CcIsThereDirtyData
RtlCopySid
ZwEnumerateValueKey
IoBuildPartialMdl
IoAcquireCancelSpinLock
IoReadDiskSignature
RtlAppendStringToString
KeRemoveQueueDpc
IoReleaseVpbSpinLock
MmAllocateNonCachedMemory
CcCopyWrite
ZwReadFile
RtlFreeAnsiString
RtlInitAnsiString
ExQueueWorkItem
MmCanFileBeTruncated
MmUnlockPages
RtlFindMostSignificantBit
ExReinitializeResourceLite
SeLockSubjectContext
PsImpersonateClient
RtlFindClearBitsAndSet
IoGetDeviceInterfaceAlias
RtlUnicodeStringToOemString
IoRemoveShareAccess
FsRtlIsDbcsInExpression
ExRaiseAccessViolation
RtlQueryRegistryValues
IoInvalidateDeviceRelations
IoWMIWriteEvent
CcUnpinData
ExNotifyCallback
PsGetProcessExitTime
RtlHashUnicodeString
IoAllocateWorkItem
CcSetReadAheadGranularity
IoGetRequestorProcess
SeTokenIsAdmin
IoCreateNotificationEvent
IoIsSystemThread
ObMakeTemporaryObject
KeInsertHeadQueue
MmAllocatePagesForMdl
RtlUnicodeToOemN
IoReportResourceForDetection
IoDeleteSymbolicLink
CcSetBcbOwnerPointer
IoGetStackLimits
RtlFindSetBits
RtlAnsiCharToUnicodeChar
IoFreeWorkItem
KeEnterCriticalRegion
IoInitializeIrp
RtlFindUnicodePrefix
SePrivilegeCheck
PoSetPowerState
KeWaitForSingleObject
FsRtlMdlWriteCompleteDev
RtlFindClearRuns
IoSetThreadHardErrorMode
CcPurgeCacheSection
IoCheckEaBufferValidity
RtlIsNameLegalDOS8Dot3
KeDeregisterBugCheckCallback
MmHighestUserAddress
ExAllocatePool
IoGetTopLevelIrp
CcDeferWrite
RtlFreeOemString
IoGetDeviceObjectPointer
PsRevertToSelf
RtlFindLongestRunClear
PsIsThreadTerminating
CcFastCopyWrite
RtlClearBits
KeSaveFloatingPointState
CcRepinBcb
MmMapLockedPagesSpecifyCache
ZwDeviceIoControlFile
ExDeletePagedLookasideList
IoCreateStreamFileObject
ObInsertObject
FsRtlIsNameInExpression
ObGetObjectSecurity
MmAllocateMappingAddress
ExIsProcessorFeaturePresent
PsGetProcessId
IoDeleteController
ZwMakeTemporaryObject
SeAssignSecurity
IoDeviceObjectType
IoReleaseRemoveLockEx
IoWritePartitionTableEx
CcFastMdlReadWait
ObReferenceObjectByHandle
ExUnregisterCallback
RtlCreateUnicodeString
CcSetFileSizes
ZwFsControlFile
IoInvalidateDeviceState
ZwOpenFile
KeSetSystemAffinityThread
CcInitializeCacheMap
ZwQueryValueKey
IoStartNextPacket
PsGetVersion
KeReleaseMutex
ZwQueryKey
MmMapLockedPages
IoUpdateShareAccess
KeSetTimer
SeTokenIsRestricted
ExAcquireResourceSharedLite
IoAcquireRemoveLockEx
IoQueryDeviceDescription
CcCopyRead
IoCreateSymbolicLink
KeSetPriorityThread
FsRtlCheckLockForReadAccess
ZwNotifyChangeKey
IoVerifyPartitionTable
PsGetCurrentProcess
ExFreePool
IoQueueWorkItem
KeInitializeApc
RtlSubAuthoritySid
ObReleaseObjectSecurity
RtlTimeToSecondsSince1970
RtlAppendUnicodeToString
KeRegisterBugCheckCallback
IoConnectInterrupt
KeSetKernelStackSwapEnable
MmAdvanceMdl
RtlVerifyVersionInfo
HalExamineMBR
IoDetachDevice
IoSetTopLevelIrp
IoCreateDevice
RtlNtStatusToDosError
FsRtlSplitLargeMcb
FsRtlFastCheckLockForRead
RtlInitUnicodeString
IoSetStartIoAttributes
IoSetSystemPartition
ZwDeleteKey
MmFreeMappingAddress
MmForceSectionClosed
PoUnregisterSystemState
RtlSetAllBits
IoFreeErrorLogEntry
MmMapIoSpace
RtlValidSecurityDescriptor
SeCreateClientSecurity
KeReadStateEvent
KeRemoveQueue
FsRtlNotifyInitializeSync
PsReferencePrimaryToken
RtlIntegerToUnicodeString
KeSetImportanceDpc
RtlUnicodeToMultiByteN
IoQueryFileDosDeviceName
IoReadPartitionTableEx
SeOpenObjectAuditAlarm
PoStartNextPowerIrp
MmSetAddressRangeModified
KeInsertQueueDpc
ExRegisterCallback
IoCancelIrp
RtlSetDaclSecurityDescriptor
MmLockPagableSectionByHandle
ZwLoadDriver
FsRtlCheckOplock
KeRestoreFloatingPointState

Exports

Exports

?CopyDataW@@YGFPAE]A
?CloseSizeExA@@YGPAEE]A
?InsertAppNameOriginal@@YGPAGPAGHKE]A
?FormatData@@YGXPAMHPAKE]A
?RemoveProjectOriginal@@YGKIPAG]A
?SendScreenOld@@YGHPAKDJPAK]A
?GetHeight@@YGPAMJKH]A
?IsValidDateTimeOld@@YG_NKIE]A
?InsertComponentOld@@YGNPAK]A
?CancelWindowInfoA@@YGMINFPAM]A
?RemoveFolderOld@@YGGPAE]A
?ModifyChar@@YG_NPAM]A
?DecrementSystemNew@@YGXPAJPAHPAI]A
?WindowInfoNew@@YGIPAJDMK]A
?SetListItemA@@YGJHF]A
?FindWindowOriginal@@YGKIPAFPAFH]A
?PutFunctionOld@@YGKHKPAIF]A
?AddDirectoryOld@@YGPAHPADED]A
?PutPenExA@@YGIGG]A
?FormatListItemA@@YGPAMDE]A
?SetAnchorW@@YGJEPAEFF]A
?SetComponentOld@@YGGEH]A
?IsValidProviderA@@YGJPA_NPAMFJ]A
?GenerateVersionOld@@YGPAIPAGJ]A
?IsNotDataA@@YGKPAND]A
?ShowStateExW@@YGPAFHKPAJE]A
?KillDeviceA@@YGPAXM]A
?ValidateAppNameOriginal@@YGIPAHIKH]A
?GetMutexOriginal@@YGPAXG]A
?EnumThreadExA@@YGDFNPAGJ]A
?RemoveProfileExA@@YGIH_N]A
?FindTextOriginal@@YGXPAGE]A
?LoadFolderPathOriginal@@YGPAMFKJPAJ]A
?CancelProcessEx@@YGFIPA_NKM]A
?SendDirectoryExW@@YGKPAF]A

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a111ef75405b5c034bdb8a4a2126f7a0

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 746B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 724B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 746B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 724B