060960fa938461fffa624ce41bae4b6a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

060960fa938461fffa624ce41bae4b6a_JaffaCakes118
Size

331KB
MD5

060960fa938461fffa624ce41bae4b6a
SHA1

d2092de64ad131e09c2c543f18d7b0c924ee92f9
SHA256

7fbdcef63b13cd4c423466a5868e23a67c936e6c10eea9a2fa4f612b8fce3576
SHA512

0f1676420e0aa20c324eed29201841cf106702facc7dae1537178ec0df720f05439148fe420a0420b6f518b069d1ac931e9ef5e126fc6a881a62a1e4cb6c587e
SSDEEP

6144:XK49enPKqKGP9wqIEhDAep/gEubrw4pmDh9jNfQJR/1l+7UuWNKH/jzIRkQ7dWim:denPKqKGFwdEXpYrVpmt9jy1l+7xWsHb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
060960fa938461fffa624ce41bae4b6a_JaffaCakes118

Files

060960fa938461fffa624ce41bae4b6a_JaffaCakes118
.sys windows:6 windows x86 arch:x86

0a5d2f796c66f77303561d7d0a8e6390

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

afd.pdb

Imports

ntoskrnl.exe

memcpy
KeResetEvent
KeWaitForSingleObject
KeInitializeEvent
memset
ObDereferenceSecurityDescriptor
IoFreeIrp
PsReturnPoolQuota
IoCreateFile
PsChargeProcessPoolQuota
RtlCopyUnicodeString
ExAllocatePoolWithTagPriority
RtlCompareUnicodeString
MmResetDriverPaging
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
EtwWriteTransfer
PsGetCurrentProcessId
EtwActivityIdControl
MmSizeOfMdl
MmBuildMdlForNonPagedPool
IoInitializeIrp
ExRaiseStatus
PsGetProcessExitTime
IoSetIoCompletion
SeUnlockSubjectContext
SeFreePrivileges
SeAppendPrivileges
SeAccessCheck
SeLockSubjectContext
RtlMapGenericMask
IoGetFileObjectGenericMapping
ObLogSecurityDescriptor
SeAssignSecurity
RtlEqualString
RtlInitString
IoAllocateIrp
IoBuildDeviceIoControlRequest
KeSetEvent
ProbeForWrite
ExEventObjectType
ExGetPreviousMode
ExRaiseAccessViolation
ExInitializeResourceLite
ExDeleteResourceLite
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
ObReleaseObjectSecurity
SeSetSecurityDescriptorInfo
ExAllocatePoolWithTag
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
ObGetObjectSecurity
IoDeleteDevice
ExDeleteNPagedLookasideList
ExUnregisterCallback
IoQueueWorkItem
ZwNotifyChangeKey
IoFreeWorkItem
ExInitializeNPagedLookasideList
IoAllocateWorkItem
IoCreateDevice
MmUserProbeAddress
KeLeaveCriticalRegion
KeEnterCriticalRegion
KePulseEvent
MmAdvanceMdl
DbgPrint
ExInterlockedFlushSList
KeFlushQueuedDpcs
_aulldiv
KeSetCoalescableTimer
KeInitializeDpc
KeInitializeTimer
MmLockPagableDataSection
ObCloseHandle
SeDeleteAccessState
SeCreateAccessState
SeQuerySecurityDescriptorInfo
KeReadStateEvent
MmUnlockPagableImageSection
KeRemoveQueueDpc
KeCancelTimer
_alldiv
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
_allmul
KeInitializeTimerEx
ExAcquireResourceSharedLite
KeSetTimer
PsGetCurrentProcess
MmUnmapLockedPages
FsRtlMdlReadComplete
IoCancelIrp
KeDetachProcess
FsRtlMdlRead
KeAttachProcess
IoGetRequestorProcess
FsRtlCopyRead
IoQueryFileInformation
_aullrem
ObFindHandleForObject
ObOpenObjectByName
ObGetObjectType
MmSystemRangeStart
IoThreadToProcess
KeQueryActiveProcessorCountEx
IoReuseIrp
RtlIntegerToUnicode
ObReferenceSecurityDescriptor
RtlAppendUnicodeStringToString
KeDelayExecutionThread
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoWMIWriteEvent
EtwRegister
EtwUnregister
IoGetDeviceAttachmentBaseRef
DbgPrintEx
KeWaitForMultipleObjects
ZwOpenEvent
PsDereferenceImpersonationToken
PsReferenceImpersonationToken
_vsnwprintf
towlower
KeTickCount
RtlUnwind
RtlEqualUnicodeString
RtlPrefixUnicodeString
RtlAppendUnicodeToString
ExAllocatePoolWithQuotaTag
FsRtlAllocateExtraCreateParameterList
FsRtlAllocateExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlInsertExtraCreateParameter
IoSetTopLevelIrp
IoCreateFileEx
ObOpenObjectByPointer
ZwClose
RtlInitUnicodeString
ExCreateCallback
ExEnterCriticalRegionAndAcquireResourceExclusive
ExRegisterCallback
KeGetCurrentThread
ExEnterCriticalRegionAndAcquireResourceShared
ExReleaseResourceAndLeaveCriticalRegion
RtlCompareMemory
IoGetTopLevelIrp
FsRtlFindExtraCreateParameter
KeGetRecommendedSharedDataAlignment
MmQuerySystemSize
MmIsThisAnNtAsSystem
RtlCreateSecurityDescriptor
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
MmMapLockedPages
InterlockedPopEntrySList
KeQueryInterruptTime
IoBuildPartialMdl
IoGetRelatedDeviceObject
IoFileObjectType
IofCallDriver
KeInitializeApc
KeInsertQueueApc
ExQueueWorkItem
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
ObfReferenceObject
memmove
ExFreePoolWithTag
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
ExInitializeLookasideListEx
ExDeleteLookasideListEx
KeQueryMaximumProcessorCountEx
InterlockedExchange
SeReleaseSubjectContext
PsDereferencePrimaryToken
SeTokenType
PsRevertToSelf
SeImpersonateClientEx
SeCreateClientSecurityFromSubjectContext
SeCaptureSubjectContextEx
IofCompleteRequest
MmMapLockedPagesSpecifyCache
IoFreeMdl
ObfDereferenceObject
IoGetCurrentProcess
EtwWrite
KeGetCurrentProcessorNumberEx
ObReferenceObjectByHandle
ExRaiseDatatypeMisalignment
KeBugCheckEx
InterlockedPushEntrySList

hal

KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
KeGetCurrentIrql
KfLowerIrql
KfRaiseIrql
KeReleaseQueuedSpinLock
KeAcquireQueuedSpinLock
KfReleaseSpinLock
KfAcquireSpinLock

tdi.sys

TdiRegisterPnPHandlers
TdiDeregisterPnPHandlers
TdiMatchPdoWithChainedReceiveContext
TdiReturnChainedReceives
TdiCopyBufferToMdl
TdiCopyMdlToBuffer

netio.sys

NetioInitializeWorkQueue
NetioInsertWorkQueue
NetioShutdownWorkQueue
NmrProviderDetachClientComplete
NmrRegisterProvider
NmrDeregisterProvider
NmrWaitForProviderDeregisterComplete
NmrClientAttachProvider
NmrClientDetachProviderComplete
NmrRegisterClient
NmrDeregisterClient
NmrWaitForClientDeregisterComplete
NsiAllocateAndGetTable
NsiFreeTable
NsiRegisterChangeNotification
NsiDeregisterChangeNotification
NsiGetAllParameters
RtlInitializeTimerWheel
RtlUpdateCurrentTimerWheelTick
RtlGetNextExpiredTimerWheelEntry
RtlReturnTimerWheelEntry
RtlIndicateTimerWheelEntryTimerStart
RtlCleanupTimerWheelEntry
RtlInitializeTimerWheelEntry
RtlSuspendTimerWheel
RtlCleanupTimerWheel
RtlCopyMdlToMdl
RtlCopyMdlToBuffer

msrpc.sys

RpcAsyncInitializeHandle
RpcBindingFree
RpcBindingSetOption
RpcBindingCreateW
RpcBindingBind
RpcBindingUnbind
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcExceptionFilter
NdrAsyncClientCall

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEAFD
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESAN
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEWTDI
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDAT1
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a5d2f796c66f77303561d7d0a8e6390

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

tdi.sys

netio.sys

msrpc.sys

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 3KB

PAGE Size: 58KB - Virtual size: 58KB

PAGEAFD Size: 105KB - Virtual size: 105KB

PAGESAN Size: 10KB - Virtual size: 9KB

PAGEWTDI Size: 14KB - Virtual size: 14KB

PAGEDAT1 Size: 512B - Virtual size: 392B

INIT Size: 12KB - Virtual size: 12KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 3KB

PAGE
Size: 58KB - Virtual size: 58KB

PAGEAFD
Size: 105KB - Virtual size: 105KB

PAGESAN
Size: 10KB - Virtual size: 9KB

PAGEWTDI
Size: 14KB - Virtual size: 14KB

PAGEDAT1
Size: 512B - Virtual size: 392B

INIT
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 13KB - Virtual size: 13KB