eec6c94db9f2003b09d57c640ce7849c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eec6c94db9f2003b09d57c640ce7849c_JaffaCakes118
Size

183KB
MD5

eec6c94db9f2003b09d57c640ce7849c
SHA1

33feb694f58accb0cf19a17059acb789c440ef4e
SHA256

985e22996372689bf98b7c63bf5b907aaa81d3bafebbb035dee5a17d1eba1de5
SHA512

57c8b39f1d941bae5b84de67e6c2de9ec7933fde1c9801326cd9fd6760aa7adaea76c6876ef163adf8d11341f7846d3dc3a69a3e4cb06e9afe2d9e5de55d394a
SSDEEP

3072:ESqriT76NXT5hKT7uVW0egfexWlyK4yOTFO+HLJJedbVTQiJTfZl:SC76t5qy4gACyZTFOELDqTJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eec6c94db9f2003b09d57c640ce7849c_JaffaCakes118

Files

eec6c94db9f2003b09d57c640ce7849c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

17fb14e40dfcf31b12e93745a8bbc87a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\ctGUInqBs\elEqxkuntfx\ZoaUanPij.pdb

Imports

ntoskrnl.exe

FsRtlMdlWriteCompleteDev
IoVerifyPartitionTable
RtlxAnsiStringToUnicodeSize
RtlAddAccessAllowedAce
KeSetImportanceDpc
ZwQueryValueKey
RtlSetAllBits
KeReleaseMutex
SeSinglePrivilegeCheck
IoReuseIrp
ExGetPreviousMode
RtlAnsiStringToUnicodeString
IoAcquireRemoveLockEx
IoGetAttachedDeviceReference
RtlCopyUnicodeString
RtlVerifyVersionInfo
SeTokenIsAdmin
KeInsertByKeyDeviceQueue
MmSecureVirtualMemory
KeSynchronizeExecution
RtlEqualSid
RtlCreateAcl
ObOpenObjectByPointer
IoFreeIrp
RtlWriteRegistryValue
ObfReferenceObject
ZwOpenKey
CcUnpinRepinnedBcb
IoRequestDeviceEject
ObInsertObject
RtlGetVersion
ZwSetValueKey
MmAdvanceMdl
KeInitializeQueue
CcCopyWrite
IoGetRelatedDeviceObject
CcIsThereDirtyData
ExReleaseFastMutexUnsafe
KeAttachProcess
RtlAddAccessAllowedAceEx
PsLookupThreadByThreadId
KeInsertQueue
IoReadPartitionTable
KeRemoveByKeyDeviceQueue
KeInsertHeadQueue
MmUnlockPages
RtlUnicodeStringToInteger
SeAssignSecurity
PsImpersonateClient
KeSetSystemAffinityThread
ZwCreateSection
KeQueryTimeIncrement
ExAllocatePoolWithQuota
RtlValidSid
MmHighestUserAddress
IoAllocateErrorLogEntry
IoCsqRemoveIrp
SeDeassignSecurity
KeInitializeSpinLock
IoInitializeIrp
SeQueryInformationToken
CcPinRead
RtlGenerate8dot3Name
MmLockPagableSectionByHandle
KeClearEvent
ExDeleteNPagedLookasideList
ExRaiseAccessViolation
IoAllocateController
RtlClearAllBits
PsGetThreadProcessId
FsRtlIsDbcsInExpression
MmAllocatePagesForMdl
SeQueryAuthenticationIdToken
ZwDeviceIoControlFile
RtlEnumerateGenericTable
IoGetLowerDeviceObject
KeSetEvent
MmFreeMappingAddress
RtlUpcaseUnicodeString
KeEnterCriticalRegion
IoDeviceObjectType
MmResetDriverPaging
PsCreateSystemThread
IoRegisterFileSystem
ExCreateCallback
ObGetObjectSecurity
RtlSecondsSince1980ToTime
KeQueryActiveProcessors
CcFastCopyRead
ZwClose
IoWritePartitionTableEx
RtlValidSecurityDescriptor
KeSetTimerEx
CcSetDirtyPinnedData
ZwLoadDriver
CcSetFileSizes
IoSetTopLevelIrp
ExGetSharedWaiterCount
RtlFreeOemString
RtlFindNextForwardRunClear
IoGetDeviceInterfaces
PoSetSystemState
RtlMultiByteToUnicodeN
CcMdlReadComplete
VerSetConditionMask
SeSetSecurityDescriptorInfo
RtlQueryRegistryValues
RtlInitAnsiString
IoMakeAssociatedIrp
CcFlushCache
IoGetTopLevelIrp
SeCaptureSubjectContext
KeLeaveCriticalRegion
ZwCreateDirectoryObject
PsGetProcessExitTime
IoConnectInterrupt
PoUnregisterSystemState
ZwEnumerateValueKey
IoStartPacket
IoCheckEaBufferValidity
KeSetTimer
ZwQuerySymbolicLinkObject
ExRaiseDatatypeMisalignment
MmAllocateMappingAddress
RtlCreateSecurityDescriptor
CcFastMdlReadWait
ZwQueryVolumeInformationFile
KeReadStateTimer
IoGetDeviceProperty
RtlFindLeastSignificantBit
IoGetDeviceInterfaceAlias
ZwOpenSection
RtlSecondsSince1970ToTime
RtlRandom
ZwMakeTemporaryObject
MmLockPagableDataSection
RtlAppendStringToString
PoCallDriver
CcMdlWriteComplete
CcSetReadAheadGranularity
KeRemoveEntryDeviceQueue
ZwOpenFile
MmProbeAndLockPages
ZwReadFile
PsGetCurrentThread
KeStackAttachProcess
ProbeForWrite
RtlFindSetBits
ZwUnloadDriver
CcPurgeCacheSection
RtlAppendUnicodeToString
ZwEnumerateKey
IoStopTimer
RtlFindUnicodePrefix
MmBuildMdlForNonPagedPool
KeWaitForMultipleObjects
IoCreateNotificationEvent
RtlCopyString
IofCompleteRequest
RtlDeleteNoSplay
IoGetDriverObjectExtension
ExSetResourceOwnerPointer
IoCreateDevice
ExAcquireFastMutexUnsafe
ObfDereferenceObject
IoWMIWriteEvent
KeInitializeDeviceQueue
KeBugCheck
ZwFsControlFile
IoRemoveShareAccess
PoRegisterSystemState
PsLookupProcessByProcessId
ExAllocatePoolWithQuotaTag
IoSetThreadHardErrorMode
MmFreePagesFromMdl
RtlTimeToTimeFields
IoAllocateWorkItem
KeRemoveQueueDpc
SeImpersonateClientEx
IoInitializeTimer
FsRtlNotifyUninitializeSync
KeInsertQueueDpc
KeRestoreFloatingPointState
CcInitializeCacheMap
RtlVolumeDeviceToDosName
RtlInitializeGenericTable
ObCreateObject
IoCreateStreamFileObjectLite
FsRtlNotifyInitializeSync
IoReleaseRemoveLockEx
IoFreeMdl
IoGetRequestorProcessId
RtlInitializeBitMap
CcMdlWriteAbort
KeSetKernelStackSwapEnable
IoReleaseVpbSpinLock
ExAllocatePool
IoCheckShareAccess
ZwFreeVirtualMemory
IoGetRequestorProcess
ObReferenceObjectByPointer
CcMdlRead
MmAddVerifierThunks
ExFreePoolWithTag
IoFreeWorkItem
IoDetachDevice
RtlHashUnicodeString
KeInitializeMutex
IoGetDmaAdapter
ZwAllocateVirtualMemory
ExVerifySuite
PsGetCurrentThreadId
RtlCopyLuid
RtlIsNameLegalDOS8Dot3
IoWriteErrorLogEntry
PsSetLoadImageNotifyRoutine
FsRtlIsTotalDeviceFailure
IoSetShareAccess
IoDeleteSymbolicLink
IoRaiseHardError
RtlFindClearBitsAndSet
ExDeleteResourceLite
RtlAreBitsSet
ObMakeTemporaryObject
KeReadStateEvent
KeDeregisterBugCheckCallback
RtlClearBits
KeDetachProcess
IoOpenDeviceRegistryKey
RtlxOemStringToUnicodeSize
KeInitializeTimer
HalExamineMBR
KeSaveFloatingPointState
ZwSetVolumeInformationFile
RtlRemoveUnicodePrefix
IoReadPartitionTableEx
RtlFindLastBackwardRunClear
KeQuerySystemTime
SeFreePrivileges
KeSetBasePriorityThread
CcPreparePinWrite
SeDeleteObjectAuditAlarm
IoIsWdmVersionAvailable
KeBugCheckEx
ZwCreateKey
ExReleaseResourceLite
MmFreeContiguousMemory
IoCreateDisk
IoGetBootDiskInformation
IoQueryFileDosDeviceName
ObQueryNameString
SeTokenIsRestricted
IoAcquireCancelSpinLock
KeRemoveQueue
KeGetCurrentThread
IoStartNextPacket
SeAccessCheck
RtlInsertUnicodePrefix
RtlCompareMemory
SeLockSubjectContext
IoQueryDeviceDescription

Exports

Exports

?InsertThreadOld@@YGXFKI<V
?SetValueNew@@YGJGJI<V
?ModifyFilePathEx@@YGDPAEPAGPAK<V
?CopyValueExW@@YGPAEKPADPAE<V
?MutantExA@@YGPAIEJE<V
?CancelModuleOld@@YGKPAJ<V
?InsertSemaphoreW@@YGPAGJNH<V
?EnumKeyNameExA@@YGPAEDFPAJE<V
?InsertClassA@@YGXFF<V
?IncrementDeviceExA@@YGHG<V
?FreeKeyNameOld@@YGPAFEH<V
?CancelWindowA@@YGPADKMPAD<V
?FindOptionNew@@YGXJEK<V
?EnumFolderPathEx@@YGPAHIF<V
?GenerateWidthExW@@YGGPAGHNE<V
?AddDataEx@@YGXJ<V
?LoadFullNameNew@@YGPAFNK<V

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17fb14e40dfcf31b12e93745a8bbc87a

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 37KB - Virtual size: 75KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 660B

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 37KB - Virtual size: 75KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 660B