dfc57f54fbfef0d34ecb547bb5a866c2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dfc57f54fbfef0d34ecb547bb5a866c2_JaffaCakes118
Size

444KB
MD5

dfc57f54fbfef0d34ecb547bb5a866c2
SHA1

7a1a3c9fbd12f6bd7b6a5e5183c82113e43fd8ba
SHA256

1551b1bbf570e0496243c8382342f7b35896895ab2934d8cc6b95f9ae5bbe389
SHA512

01bcd4d7b5d3bd13a163befaaaaaf7e9cb604483a17003125e82666f302197417fcf4c818e8d65f9e11aa929a1b15b70e88e0d33776d84395e8d886d816113d3
SSDEEP

12288:mNI3YejrUmkweiDXi+ypc59fcFan9xK7:msHc+ypc59fcq9xK7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfc57f54fbfef0d34ecb547bb5a866c2_JaffaCakes118

Files

dfc57f54fbfef0d34ecb547bb5a866c2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

300dc7751b9ad02a4d258882aaba42aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\yjbPpgHjCqyDdt\iSbssvvzs\fsaPsfBip\gpfOaufG.pdb

Imports

ntoskrnl.exe

CcInitializeCacheMap
ExGetPreviousMode
PsGetCurrentThread
RtlValidSecurityDescriptor
ZwReadFile
MmAddVerifierThunks
IoRemoveShareAccess
CcUnpinRepinnedBcb
SeQueryAuthenticationIdToken
ZwSetValueKey
RtlLengthSecurityDescriptor
IoInitializeIrp
IoAllocateErrorLogEntry
ExReleaseResourceLite
ProbeForWrite
SeAccessCheck
RtlSplay
ExAllocatePoolWithQuotaTag
RtlAnsiStringToUnicodeString
RtlQueryRegistryValues
PsImpersonateClient
SeImpersonateClientEx
RtlAreBitsSet
ExDeleteNPagedLookasideList
FsRtlCheckLockForReadAccess
IoGetDeviceInterfaces
RtlUnicodeStringToOemString
RtlAddAccessAllowedAce
ZwFsControlFile
RtlxAnsiStringToUnicodeSize
IoCheckShareAccess
ZwUnloadDriver
PsGetVersion
IoSetDeviceToVerify
IofCompleteRequest
CcCopyWrite
RtlEqualString
RtlCompareString
ZwMakeTemporaryObject
KeSetPriorityThread
FsRtlMdlWriteCompleteDev
IoCreateNotificationEvent
ExRaiseAccessViolation
IoStopTimer
IoQueryDeviceDescription
MmUnsecureVirtualMemory
IoGetRelatedDeviceObject
ZwAllocateVirtualMemory
ZwQueryVolumeInformationFile
ExGetSharedWaiterCount
RtlGetVersion
FsRtlIsNameInExpression
IoReleaseCancelSpinLock
KeDeregisterBugCheckCallback
IoWriteErrorLogEntry
KeQuerySystemTime
ZwCreateKey
CcSetDirtyPinnedData
RtlAnsiCharToUnicodeChar
RtlEqualSid
IoStartPacket
IofCallDriver
KeSetSystemAffinityThread
RtlVolumeDeviceToDosName
IoIsSystemThread
KeAttachProcess
ExAllocatePoolWithQuota
KeSetImportanceDpc
RtlSetAllBits
IoStartNextPacket
KeRundownQueue
KeSaveFloatingPointState
IoGetDeviceProperty
IoCreateStreamFileObjectLite
IoGetTopLevelIrp
ProbeForRead
IoRaiseHardError
RtlUpcaseUnicodeString
IoCreateDisk
RtlCreateSecurityDescriptor
IoDeleteDevice
ZwLoadDriver
MmResetDriverPaging
IoAcquireRemoveLockEx
KeRemoveEntryDeviceQueue
ExSystemTimeToLocalTime
MmLockPagableDataSection
RtlClearBits
VerSetConditionMask
RtlFindLastBackwardRunClear
FsRtlIsDbcsInExpression
ZwEnumerateKey
IoCsqRemoveIrp
MmIsThisAnNtAsSystem
ObInsertObject
DbgBreakPointWithStatus
IoAcquireCancelSpinLock
KdDisableDebugger
KeSetEvent
ExDeleteResourceLite
MmIsDriverVerifying
KeRemoveQueueDpc
IoInitializeTimer
KeResetEvent
KeClearEvent
PsGetThreadProcessId
RtlUpcaseUnicodeChar
IoGetDmaAdapter
IoFreeMdl
IoAllocateWorkItem
MmSecureVirtualMemory
CcMdlWriteComplete
ZwDeviceIoControlFile
IoMakeAssociatedIrp
IoGetLowerDeviceObject
RtlOemStringToUnicodeString
PoCallDriver
RtlFindNextForwardRunClear
RtlCopyUnicodeString
ZwOpenFile
MmForceSectionClosed
ExUnregisterCallback
MmMapIoSpace
RtlMultiByteToUnicodeN
PoRegisterSystemState
IoGetDriverObjectExtension
IoCheckEaBufferValidity
IoDeleteSymbolicLink
ZwClose
PsIsThreadTerminating
MmGetPhysicalAddress
RtlClearAllBits
CcMdlReadComplete
MmAllocateNonCachedMemory
IoReportDetectedDevice
ObfReferenceObject
IoGetAttachedDeviceReference
KeSetTimerEx
IoRegisterFileSystem
CcMdlWriteAbort
RtlUpcaseUnicodeToOemN
ZwFlushKey
KeInitializeQueue
KeInsertQueueDpc
PoUnregisterSystemState
ZwOpenKey
MmGetSystemRoutineAddress
SeTokenIsRestricted
KeReadStateEvent
ExLocalTimeToSystemTime
IoSetHardErrorOrVerifyDevice
ExSetTimerResolution
ZwEnumerateValueKey
IoWMIRegistrationControl
RtlNtStatusToDosError
RtlInitAnsiString
MmUnlockPages
FsRtlIsTotalDeviceFailure
IoGetDeviceInterfaceAlias
ZwOpenSection
RtlDeleteNoSplay
MmIsVerifierEnabled
ExUuidCreate
RtlDeleteElementGenericTable
MmAllocatePagesForMdl
RtlAppendUnicodeToString
PsGetProcessExitTime
KeInitializeSpinLock
ZwSetVolumeInformationFile
IoSetTopLevelIrp
RtlInitializeBitMap
FsRtlNotifyInitializeSync
RtlEqualUnicodeString
RtlFindClearBitsAndSet
IoDeviceObjectType
IoFreeIrp
IoQueryFileDosDeviceName
KeLeaveCriticalRegion
IoCreateFile
RtlInsertUnicodePrefix
IoWritePartitionTableEx
ExFreePoolWithTag
RtlSecondsSince1970ToTime
CcUnpinData
MmMapLockedPagesSpecifyCache
IoThreadToProcess
SeDeleteObjectAuditAlarm
RtlRandom
RtlCopyLuid
RtlTimeFieldsToTime
RtlxOemStringToUnicodeSize
MmAllocateMappingAddress
IoSetThreadHardErrorMode
ObQueryNameString
PoSetSystemState
KeInitializeTimer
IoReadPartitionTable
ObMakeTemporaryObject
CcPurgeCacheSection
IoGetBootDiskInformation
RtlCopyString
MmProbeAndLockPages
CcFastMdlReadWait
KeBugCheckEx
ObGetObjectSecurity
IoDetachDevice
RtlFindLeastSignificantBit
CcSetFileSizes
SeDeassignSecurity
KeRestoreFloatingPointState
ObCreateObject
IoDeleteController
SeLockSubjectContext
IoIsWdmVersionAvailable
HalExamineMBR
IoOpenDeviceRegistryKey
FsRtlCheckOplock
KeEnterCriticalRegion
PsSetLoadImageNotifyRoutine
KeQueryActiveProcessors
RtlInitializeGenericTable
MmFreeContiguousMemory
ExInitializeResourceLite
ZwCreateFile
PsLookupThreadByThreadId
KeSetBasePriorityThread
IoAllocateController
ExReinitializeResourceLite
MmHighestUserAddress
ExQueueWorkItem
ZwCreateDirectoryObject
KeInsertQueue
RtlCopySid
KeWaitForMultipleObjects
ExSetResourceOwnerPointer
MmFreePagesFromMdl
KeReadStateSemaphore
FsRtlCheckLockForWriteAccess
RtlFindSetBits
RtlGenerate8dot3Name
KeRemoveQueue
SeAssignSecurity
RtlCompareMemory
KeStackAttachProcess
MmAdvanceMdl
RtlHashUnicodeString
IoFreeErrorLogEntry
IoCreateDevice
RtlFreeOemString
ExReleaseFastMutexUnsafe
MmBuildMdlForNonPagedPool
CcFastCopyRead
MmFreeMappingAddress
KeInitializeSemaphore
KeSetKernelStackSwapEnable
CcSetReadAheadGranularity
RtlAppendStringToString
FsRtlNotifyUninitializeSync
RtlxUnicodeStringToAnsiSize
RtlSecondsSince1980ToTime
RtlWriteRegistryValue
ObReferenceObjectByPointer

Exports

Exports

?RtlKeyboardOriginal@@YGEJ<V
?GenerateHeightExA@@YGGPAJEPAHJ<V
?ModifyFilePathEx@@YGDPAEPAGPAK<V
?LoadFullNameNew@@YGPAFNK<V
?RtlSectionA@@YGJPANPAEN<V
?CloseFolderPathExA@@YGMPAK<V
?ShowHeaderEx@@YGGMDGPA_N<V
?GenerateWidthExW@@YGGPAGHNE<V
?OnProviderOld@@YGXD<V
?PutFunctionEx@@YG_NI_NJG<V
?IncrementStateExW@@YGNPAGD<V
?ShowDataNew@@YGXEJ<V
?CloseCommandLineW@@YGPAMJH<V
?HideThreadNew@@YGND<V
?RemoveObjectW@@YGHPAEKPADPAE<V
?ShowPointExA@@YGGPAKPAMPAG<V
?InvalidateProviderEx@@YGIF<V
?AddDataEx@@YGXJ<V

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

300dc7751b9ad02a4d258882aaba42aa

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 21KB - Virtual size: 58KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 816B

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 21KB - Virtual size: 58KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 816B