ea554a7bdd770c9faa3402a2dfac58f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea554a7bdd770c9faa3402a2dfac58f6_JaffaCakes118
Size

183KB
MD5

ea554a7bdd770c9faa3402a2dfac58f6
SHA1

5110c15f647e4f672245142b74199f838d6a0cc5
SHA256

939a2874a4bd50f3999ac9d07b15dba6008c09fed3e18ae167083d1e68694c04
SHA512

bdaff0f147ca5ee7a75e525a4a2cb3206f91015d9a85aff4ac091e37eb10ffcf7d508bcc73a23033e4b37503655f44b5cb41116185fa467418400256e9b317a7
SSDEEP

3072:LHQdqHIF/c5We3b68AegfexWlyK4yOTFO+HLJJedbVTQiJTfZl:mdcPG6gACyZTFOELDqTJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea554a7bdd770c9faa3402a2dfac58f6_JaffaCakes118

Files

ea554a7bdd770c9faa3402a2dfac58f6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b7aeaaf4e8e45af8f70830324fce593e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\edbokWcqzj\wfIlpjjzMk\ckMxvXJdo\ohzEXznxsEEf\nxpkrgf.pdb

Imports

ntoskrnl.exe

IofCallDriver
KeInsertByKeyDeviceQueue
PsGetVersion
RtlCompareString
CcFlushCache
MmAddVerifierThunks
KeDeregisterBugCheckCallback
IoGetDeviceAttachmentBaseRef
KePulseEvent
CcZeroData
KeDelayExecutionThread
IoWriteErrorLogEntry
KeDetachProcess
FsRtlIsTotalDeviceFailure
MmQuerySystemSize
KeReadStateMutex
DbgBreakPoint
IoSetDeviceInterfaceState
KeInitializeMutex
IoReleaseCancelSpinLock
MmIsVerifierEnabled
RtlFreeOemString
FsRtlAllocateFileLock
MmIsAddressValid
MmMapIoSpace
CcSetBcbOwnerPointer
KeLeaveCriticalRegion
KeRegisterBugCheckCallback
SeUnlockSubjectContext
RtlDelete
IoGetBootDiskInformation
RtlInt64ToUnicodeString
IoGetCurrentProcess
PsChargeProcessPoolQuota
CcMdlRead
IoUnregisterFileSystem
ExAcquireFastMutexUnsafe
IoGetDeviceToVerify
PsDereferencePrimaryToken
RtlSecondsSince1970ToTime
RtlxOemStringToUnicodeSize
ExSetResourceOwnerPointer
KeRemoveByKeyDeviceQueue
IoCreateSymbolicLink
IoCreateStreamFileObject
PsGetCurrentProcessId
RtlClearAllBits
RtlSplay
KeSetSystemAffinityThread
PsTerminateSystemThread
MmUnlockPagableImageSection
RtlUnicodeToMultiByteN
KeSetPriorityThread
ExCreateCallback
RtlFindClearRuns
IoFreeController
IoDeleteDevice
KeQueryInterruptTime
CcMdlReadComplete
MmMapLockedPagesSpecifyCache
KeAttachProcess
KeInsertHeadQueue
IoAllocateController
IoAcquireRemoveLockEx
KeQueryActiveProcessors
FsRtlMdlWriteCompleteDev
PsGetThreadProcessId
KeReleaseMutex
IoGetDeviceProperty
ZwOpenProcess
IoCreateNotificationEvent
IoVerifyVolume
IoInitializeIrp
MmForceSectionClosed
ZwCreateDirectoryObject
RtlSetDaclSecurityDescriptor
RtlNtStatusToDosError
FsRtlDeregisterUncProvider
IoInvalidateDeviceRelations
KefAcquireSpinLockAtDpcLevel
KeInsertDeviceQueue
IoAcquireCancelSpinLock
IoVolumeDeviceToDosName
IoRegisterDeviceInterface
KeInitializeTimerEx
ObReleaseObjectSecurity
ZwOpenSymbolicLinkObject
RtlInitAnsiString
RtlAddAccessAllowedAceEx
KeClearEvent
IoInvalidateDeviceState
RtlInitString
ZwQueryObject
RtlUnicodeStringToAnsiString
RtlDeleteNoSplay
ExDeleteResourceLite
CcMdlWriteAbort
IoFreeWorkItem
MmLockPagableSectionByHandle
FsRtlFastCheckLockForRead
ExSystemTimeToLocalTime
RtlTimeToSecondsSince1980
CcUnpinDataForThread
ExLocalTimeToSystemTime
FsRtlIsHpfsDbcsLegal
KeInitializeSpinLock
ZwCreateEvent
RtlInitializeSid
PsGetProcessExitTime
RtlInitUnicodeString
RtlGetCallersAddress
KeSetTargetProcessorDpc
KeUnstackDetachProcess
FsRtlNotifyInitializeSync
IoAllocateIrp
IoQueryFileInformation
ExDeletePagedLookasideList
CcPurgeCacheSection
RtlRemoveUnicodePrefix
ZwQueryVolumeInformationFile
HalExamineMBR
FsRtlGetNextFileLock
KeFlushQueuedDpcs
IofCompleteRequest
ProbeForWrite
RtlLengthSecurityDescriptor
MmFreeMappingAddress
CcCopyWrite
RtlLengthSid
ZwDeleteValueKey
RtlFindMostSignificantBit
RtlAddAccessAllowedAce
CcSetReadAheadGranularity
IoGetDmaAdapter
CcUnpinRepinnedBcb
RtlMultiByteToUnicodeN
ObCreateObject
RtlCheckRegistryKey
PsSetLoadImageNotifyRoutine
SeAppendPrivileges
IoFreeMdl
KeSetKernelStackSwapEnable
IoStartPacket
IoIsSystemThread
KeSetTimerEx
FsRtlFastUnlockSingle
KeCancelTimer
MmSecureVirtualMemory
IoStopTimer
ZwUnloadDriver
CcRemapBcb
CcPinRead
IoGetRequestorProcess
KeInitializeQueue
SeQueryAuthenticationIdToken
RtlInitializeBitMap
IoReportResourceForDetection
CcSetFileSizes
RtlUpcaseUnicodeToOemN
RtlInitializeGenericTable
IoCreateDevice
KeRemoveDeviceQueue
RtlLengthRequiredSid
CcPreparePinWrite
RtlVolumeDeviceToDosName
ZwEnumerateValueKey
ZwPowerInformation
IoDisconnectInterrupt
MmUnsecureVirtualMemory
IoSetHardErrorOrVerifyDevice
IoReleaseRemoveLockEx
IoSetStartIoAttributes
IoFreeErrorLogEntry
RtlCopyString
KeBugCheck
PsGetCurrentThreadId
KeRevertToUserAffinityThread
IoGetDriverObjectExtension
IoStartTimer
IoGetDeviceObjectPointer
ZwLoadDriver
ObReferenceObjectByHandle
IoAllocateErrorLogEntry
RtlUnicodeStringToInteger
IoConnectInterrupt
MmResetDriverPaging
RtlSubAuthoritySid
SeQueryInformationToken
IoGetAttachedDevice
CcDeferWrite
ObfReferenceObject
KeReadStateTimer
KeSetBasePriorityThread
IoReuseIrp
SeSinglePrivilegeCheck
IoCheckQuotaBufferValidity
KeBugCheckEx
ObfDereferenceObject
MmAdvanceMdl
ObInsertObject
ZwQueryInformationFile
PsImpersonateClient
MmAllocateContiguousMemory
RtlFindNextForwardRunClear
MmPageEntireDriver
IoReleaseVpbSpinLock
IoBuildSynchronousFsdRequest
RtlCreateSecurityDescriptor
IoSetTopLevelIrp
ZwAllocateVirtualMemory
RtlFindUnicodePrefix
PsGetCurrentThread
MmProbeAndLockPages
RtlTimeToSecondsSince1970
RtlTimeFieldsToTime
CcInitializeCacheMap
KeRemoveEntryDeviceQueue
RtlClearBits
MmAllocatePagesForMdl
RtlFillMemoryUlong
KeInitializeSemaphore
PoRequestPowerIrp
PsLookupProcessByProcessId
CcCopyRead
KeQueryTimeIncrement
ExRaiseDatatypeMisalignment
PsLookupThreadByThreadId
IoReportDetectedDevice
ExQueueWorkItem
MmHighestUserAddress
MmUnlockPages
ExRaiseStatus
ZwQuerySymbolicLinkObject
MmGetSystemRoutineAddress
IoRegisterFileSystem
ExVerifySuite
KeWaitForSingleObject
ZwMakeTemporaryObject
RtlDeleteElementGenericTable
MmIsDriverVerifying
RtlEqualString
RtlCreateAcl
RtlNumberOfClearBits
IoDeviceObjectType
SeAssignSecurity
IoFreeIrp
ExSetTimerResolution
MmBuildMdlForNonPagedPool
ZwSetSecurityObject
KeReadStateEvent
IoVerifyPartitionTable
RtlIntegerToUnicodeString
IoCreateFile
KeReleaseSemaphore
CcMapData
ExReinitializeResourceLite
FsRtlIsDbcsInExpression
ZwEnumerateKey

Exports

Exports

?CopyFullName@@YGPAJEPAM&U
?IncrementMutantExW@@YGPAEHKPANPAE&U
?CancelPenOriginal@@YGPAHPAIN&U
?OnPathOriginal@@YGHMIPAEJ&U
?InsertTaskOriginal@@YGPAKIPA_NPAEK&U
?IsNotCharEx@@YGGDGPAFM&U
?OnConfigExW@@YGGPAII&U
?OnStateW@@YGDDM&U
?DeleteSectionEx@@YGKPADPAE&U
?CloseProcess@@YG_NKHF&U
?InsertPointerNew@@YGPADPAHJD&U
?FindEventExA@@YGPAXPAH&U
?IsProfileA@@YG_NEHDPAM&U
?ModifyPathNew@@YGPAFFI&U
?KillHeightExA@@YGXNJPAN_N&U
?CloseListW@@YGXNE&U
?OnEventOld@@YG_NPAFFII&U
?CrtProcessOld@@YGXPAMIH&U
?FreePathA@@YGPAGF&U
?CancelConfigW@@YGPAGPAFMN&U
?KillTimerNew@@YGGPAHPAF&U
?AddTaskA@@YGJPAHPAEPAF&U
?HidePenExW@@YGMD&U
?InstallWindowNew@@YGDGPAGFPAG&U
?InsertProjectW@@YGGFH_N&U
?CopyProviderA@@YGIPAIFK&U
?ModifyProcessOld@@YGHHK&U
?SetMessageEx@@YGPAMFHPAD&U
?RtlFolderPathEx@@YGDD_ND&U
?DeleteFunctionEx@@YGPAEIDPAD&U
?CallFolderExW@@YGXG&U
?IncrementComponentExW@@YGXPAM&U
?InvalidateDialogOriginal@@YGPAFPAJKKJ&U
?EnumState@@YGJPA_NGGPA_N&U
?CopyData@@YGEEHJH&U
?IncrementDialog@@YGXGFE&U
?CallTextExA@@YGMJPA_N&U

Sections

.text
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7aeaaf4e8e45af8f70830324fce593e

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 54KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 673B

.data Size: 36KB - Virtual size: 35KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 668B

.text
Size: 25KB - Virtual size: 54KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 673B

.data
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 668B