d3c7ebc64ed19a7b798bb6f01ee70950_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d3c7ebc64ed19a7b798bb6f01ee70950_JaffaCakes118
Size

63KB
MD5

d3c7ebc64ed19a7b798bb6f01ee70950
SHA1

2fd39d5d642d0499471073cd9593bf3d769d09fd
SHA256

805f9d420b289df9c172769dc2bda73028c25ba5dd885b9f022cbfc98ccf9111
SHA512

f59874597f86c5b000d04fbe65bf998a1e7c9adebe6c6f22ac82edb5740cbd0923b1279e22f42b75431f64e1db3327a97c7bcc2769da4113fdc59f68aebe886f
SSDEEP

1536:AQC0WsVbga1kbub+DZXKoruTqXDkEs/78PAsp/:bCaVbFCubeuTmDkES8PAs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3c7ebc64ed19a7b798bb6f01ee70950_JaffaCakes118

Files

d3c7ebc64ed19a7b798bb6f01ee70950_JaffaCakes118
.dll windows:5 windows x86 arch:x86

33a199df9ab35217eb6d46f7d385b44e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

R:\foJdbtrolK\yoOlgayxmTsa\EsclLjwLsyvu.pdb

Imports

ntoskrnl.exe

RtlWriteRegistryValue
IoFreeMdl
RtlMultiByteToUnicodeN
CcGetFileObjectFromBcb
MmIsThisAnNtAsSystem
IoAcquireCancelSpinLock
RtlUnicodeStringToInteger
RtlDeleteRegistryValue
MmHighestUserAddress
IoGetTopLevelIrp
ObReferenceObjectByHandle
ZwEnumerateKey
ObReferenceObjectByPointer
ExRaiseDatatypeMisalignment
RtlCopySid
FsRtlCheckLockForReadAccess
KeGetCurrentThread
ZwPowerInformation
IoVerifyVolume
KeReadStateTimer
KeInitializeSemaphore
IoConnectInterrupt
CcFlushCache
ZwMapViewOfSection
IoRemoveShareAccess
RtlGenerate8dot3Name
RtlFindSetBits
IoWriteErrorLogEntry
ZwAllocateVirtualMemory
KdDisableDebugger
RtlFindNextForwardRunClear
RtlRandom
MmMapUserAddressesToPage
ZwNotifyChangeKey
MmMapLockedPages
ExDeletePagedLookasideList
KeReleaseSemaphore
ZwClose
ZwCreateKey
PsSetLoadImageNotifyRoutine
KeRevertToUserAffinityThread
ExGetExclusiveWaiterCount
IoWritePartitionTableEx
IoFreeErrorLogEntry
SeCreateClientSecurity
MmPageEntireDriver
IoCreateSynchronizationEvent
RtlFindClearRuns
PoCallDriver
KeReadStateEvent
SePrivilegeCheck
ObfDereferenceObject
RtlTimeToTimeFields
KeQueryActiveProcessors
KeQuerySystemTime
CcFastCopyRead
IoIsSystemThread
KeSetKernelStackSwapEnable
FsRtlCheckLockForWriteAccess
RtlCompareMemory
RtlUpperString
RtlStringFromGUID
MmFreeMappingAddress
SeReleaseSubjectContext
KeInitializeMutex
IoInitializeIrp
SeAppendPrivileges
ExInitializeResourceLite
RtlSubAuthoritySid
IoAllocateController
IoDisconnectInterrupt
RtlFreeOemString
KeInitializeApc
ZwSetSecurityObject
RtlGetNextRange
KeInitializeDpc
RtlDowncaseUnicodeString
IoReadDiskSignature
MmQuerySystemSize
ProbeForRead
KeInsertQueueDpc
KeInsertHeadQueue
FsRtlMdlWriteCompleteDev
IoCreateDisk
IoStopTimer
ExGetSharedWaiterCount
MmGetSystemRoutineAddress
RtlUpcaseUnicodeChar
MmAddVerifierThunks
RtlUnicodeToOemN
RtlGetCallersAddress
RtlRemoveUnicodePrefix
IoInitializeRemoveLockEx
RtlUnicodeToMultiByteN
IoStartTimer
IoGetDeviceToVerify
KeReadStateSemaphore
KeRemoveDeviceQueue
ZwCreateSection
ExUuidCreate
IoReportResourceForDetection
RtlSetBits
MmUnmapIoSpace
PoRequestPowerIrp
ZwOpenFile
FsRtlIsFatDbcsLegal
IoQueueWorkItem
CcIsThereDirtyData
IoSetPartitionInformationEx
KeDetachProcess
ExDeleteNPagedLookasideList
CcMdlWriteComplete
RtlAreBitsClear
CcSetReadAheadGranularity
IoRaiseHardError
IoReleaseCancelSpinLock
IoReportDetectedDevice
FsRtlFreeFileLock
RtlAnsiStringToUnicodeString
MmMapLockedPagesSpecifyCache
CcMapData
KeReleaseMutex
KeFlushQueuedDpcs
SeSinglePrivilegeCheck
RtlFindUnicodePrefix
RtlGetVersion
PsGetProcessExitTime
IoGetDiskDeviceObject
IoAllocateMdl
ExIsProcessorFeaturePresent
RtlUpperChar
MmAllocateMappingAddress
RtlClearAllBits
IoReleaseRemoveLockAndWaitEx
ExAllocatePool
CcUnpinDataForThread
ZwCreateFile
IoGetDeviceObjectPointer
RtlAddAccessAllowedAceEx
ZwQueryKey
KePulseEvent
RtlFreeAnsiString
KeClearEvent
ZwOpenSymbolicLinkObject
IoOpenDeviceRegistryKey
IoUpdateShareAccess
IoInitializeTimer
RtlFillMemoryUlong
ExLocalTimeToSystemTime
IoDeleteController
KeInitializeDeviceQueue
FsRtlFastCheckLockForRead
IoDetachDevice
MmSetAddressRangeModified
RtlEqualString
KeInitializeSpinLock
RtlSetDaclSecurityDescriptor
ObfReferenceObject
SeDeleteObjectAuditAlarm
RtlxAnsiStringToUnicodeSize
MmGetPhysicalAddress
ExAllocatePoolWithQuotaTag
CcZeroData
IoInvalidateDeviceRelations
RtlInitUnicodeString
CcDeferWrite
IoSetDeviceToVerify
KeRegisterBugCheckCallback
FsRtlFastUnlockSingle
KeLeaveCriticalRegion
KeInsertByKeyDeviceQueue
PsDereferencePrimaryToken
CcMdlWriteAbort
DbgPrompt
RtlFindClearBitsAndSet
KeBugCheckEx
RtlInitializeGenericTable
PsChargeProcessPoolQuota
IoVerifyPartitionTable
RtlSecondsSince1980ToTime
KeCancelTimer
IoThreadToProcess
SeOpenObjectAuditAlarm
RtlLengthRequiredSid
CcSetDirtyPinnedData
KeQueryTimeIncrement
IoAcquireRemoveLockEx
IoAllocateErrorLogEntry
IoAcquireVpbSpinLock
KeUnstackDetachProcess
IoBuildPartialMdl
RtlNtStatusToDosError
KeReadStateMutex
ZwQueryVolumeInformationFile
IoAllocateAdapterChannel
IoSetStartIoAttributes
ExAllocatePoolWithTag
KeEnterCriticalRegion
KdEnableDebugger
ObQueryNameString
IoGetDmaAdapter
RtlAnsiCharToUnicodeChar
RtlCreateUnicodeString
RtlFindLastBackwardRunClear
KeSetTimerEx
RtlCopyLuid
CcFastCopyWrite
IoRegisterDeviceInterface
IoInvalidateDeviceState
MmBuildMdlForNonPagedPool
ExReleaseResourceLite
KeSetImportanceDpc
CcSetBcbOwnerPointer
IoWMIWriteEvent
RtlCreateSecurityDescriptor
KeInsertQueue
SeCaptureSubjectContext
ZwCreateEvent
MmSizeOfMdl
MmAllocateNonCachedMemory
IoCreateNotificationEvent
KeRemoveQueueDpc
IoGetAttachedDevice
RtlFindClearBits
IoGetDriverObjectExtension
FsRtlLookupLastLargeMcbEntry
MmFreeContiguousMemory
PoUnregisterSystemState
IoGetCurrentProcess
SeUnlockSubjectContext
IoSetThreadHardErrorMode
RtlExtendedIntegerMultiply
RtlHashUnicodeString
RtlDeleteElementGenericTable
SeAccessCheck
IoWMIRegistrationControl
FsRtlCheckOplock
ZwOpenKey
DbgBreakPointWithStatus
KeInitializeQueue
RtlTimeToSecondsSince1970
RtlCreateAcl
FsRtlIsTotalDeviceFailure
PsGetCurrentThread
CcMdlRead
MmUnmapLockedPages
ObMakeTemporaryObject
KefAcquireSpinLockAtDpcLevel
ExFreePoolWithTag
KeInitializeTimerEx
ZwSetValueKey
ExRaiseAccessViolation
RtlInitializeUnicodePrefix
IoGetRequestorProcess
KeAttachProcess
IoCreateStreamFileObject
MmUnmapReservedMapping
CcCanIWrite
MmProbeAndLockProcessPages
ExRegisterCallback
RtlFindLeastSignificantBit

Exports

Exports

?IsSemaphoreOriginal@@YGIJNPAM<V
?InsertWidthW@@YGGIFHE<V
?CrtComponent@@YGEPAEPAFN<V
?FreeStringExA@@YGPAXMM<V
?SendPointerExA@@YGPAHPAM_N_NF<V
?InstallProviderNew@@YGDGE<V

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33a199df9ab35217eb6d46f7d385b44e

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 10KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 824B

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 10KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 824B