0d59dca18ef03dc4781a0615050313a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d59dca18ef03dc4781a0615050313a9_JaffaCakes118
Size

106KB
MD5

0d59dca18ef03dc4781a0615050313a9
SHA1

5a4e262592662dcf4755c6b5005604a4f329e121
SHA256

e329395152a5e91a30c947576a686546ccebefc3d79a7fd70bb9fa1450460e24
SHA512

b3af637f58500fc191c40100555018ffd41c7437ae0a07f633bfd1234114b3ce7be9505b0e342bf46f327aaf23601dc55ee25d7dee9042161d77438106f630bb
SSDEEP

1536:poLePWMM22pcVZe9C/HwubVNNW3/0QukNcoI13DXo925bVn+KuwqjEwy:lWMM9+RH9VDWMJkNcbzCIVnijEN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d59dca18ef03dc4781a0615050313a9_JaffaCakes118

Files

0d59dca18ef03dc4781a0615050313a9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

aba9013ee923b851229f39b6319a48e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\xcheBNJeK\cAaeeybc\aiimmTeCexdi\DlxsplcZqRCer.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
SeDeassignSecurity
SeTokenIsAdmin
FsRtlCheckOplock
RtlAddAccessAllowedAceEx
KeWaitForMultipleObjects
ExAllocatePoolWithTag
MmUnlockPages
RtlCompareUnicodeString
KeClearEvent
RtlFindUnicodePrefix
RtlGetCallersAddress
RtlFindClearRuns
IoSetStartIoAttributes
FsRtlFreeFileLock
MmLockPagableSectionByHandle
IoSetPartitionInformation
PsReferencePrimaryToken
RtlRandom
CcGetFileObjectFromBcb
CcPurgeCacheSection
ZwCreateEvent
CcFlushCache
IoGetDeviceInterfaceAlias
IoGetDriverObjectExtension
ZwFsControlFile
ExReleaseFastMutexUnsafe
RtlWriteRegistryValue
KeRevertToUserAffinityThread
KeInitializeApc
RtlUnicodeStringToInteger
KeInitializeEvent
RtlIsNameLegalDOS8Dot3
IoReleaseRemoveLockEx
IoCreateDevice
ZwMakeTemporaryObject
SeImpersonateClientEx
FsRtlAllocateFileLock
RtlSetAllBits
IoRequestDeviceEject
MmSecureVirtualMemory
ZwFlushKey
FsRtlFastCheckLockForRead
SeQueryInformationToken
ZwCreateDirectoryObject
IoQueryFileDosDeviceName
ZwQueryObject
MmBuildMdlForNonPagedPool
CcPinRead
MmMapUserAddressesToPage
IoAcquireRemoveLockEx
MmUnsecureVirtualMemory
MmAllocateContiguousMemory
PsGetCurrentThread
RtlAppendStringToString
ExRaiseAccessViolation
RtlInitializeBitMap
IoCreateStreamFileObjectLite
SeTokenIsRestricted
MmGetPhysicalAddress
ZwLoadDriver
RtlCreateSecurityDescriptor
PoRequestPowerIrp
RtlCopySid
RtlInsertUnicodePrefix
RtlTimeFieldsToTime
RtlInitializeSid
CcSetBcbOwnerPointer
SeValidSecurityDescriptor
IoAllocateIrp
IoDetachDevice
RtlAreBitsSet
IoCreateFile
RtlQueryRegistryValues
IoAllocateController
IoReadPartitionTableEx
ZwMapViewOfSection
IoSetThreadHardErrorMode
IoGetDiskDeviceObject
RtlStringFromGUID
KeRemoveQueue
RtlSetDaclSecurityDescriptor
CcRemapBcb
MmAllocateNonCachedMemory
ExAcquireResourceSharedLite
IoAllocateAdapterChannel
ExReinitializeResourceLite
IoAllocateErrorLogEntry
IoWMIRegistrationControl
PsGetProcessId
CcMdlRead
ExGetPreviousMode
ExDeleteResourceLite
PsImpersonateClient
KeGetCurrentThread
SeReleaseSubjectContext
ExLocalTimeToSystemTime
IoReleaseVpbSpinLock
MmAllocateMappingAddress
KeWaitForSingleObject
RtlAnsiCharToUnicodeChar
KePulseEvent
IoGetDeviceToVerify
KeSetBasePriorityThread
IoVerifyPartitionTable
FsRtlCheckLockForReadAccess
MmIsVerifierEnabled
RtlPrefixUnicodeString
IoRegisterDeviceInterface
KeInsertByKeyDeviceQueue
SeSinglePrivilegeCheck
RtlCopyUnicodeString
KeRemoveByKeyDeviceQueue
RtlxAnsiStringToUnicodeSize
FsRtlIsHpfsDbcsLegal
IoSetShareAccess
RtlMultiByteToUnicodeN
SeLockSubjectContext
FsRtlFastUnlockSingle
RtlSplay
ZwEnumerateKey
DbgPrompt
ExFreePool
CcSetFileSizes
RtlUpperChar
CcFastCopyRead
MmMapLockedPagesSpecifyCache
CcUnpinDataForThread
FsRtlGetNextFileLock
IoStartTimer
ExInitializeResourceLite
PsRevertToSelf
RtlUpcaseUnicodeChar
CcUninitializeCacheMap
IoVolumeDeviceToDosName
KeReadStateTimer
RtlInitializeUnicodePrefix
RtlInitAnsiString
KeRundownQueue
IoIsWdmVersionAvailable
RtlGetNextRange
SeDeleteObjectAuditAlarm
ExUuidCreate
ObReleaseObjectSecurity
PsCreateSystemThread
ObCreateObject
ExDeleteNPagedLookasideList
MmHighestUserAddress
ZwEnumerateValueKey
IoCreateSynchronizationEvent
IoSetSystemPartition
PsGetCurrentProcessId
PsDereferencePrimaryToken
ZwNotifyChangeKey
FsRtlSplitLargeMcb
VerSetConditionMask
PsGetProcessExitTime
RtlFillMemoryUlong
MmAddVerifierThunks
CcMdlReadComplete
PsSetLoadImageNotifyRoutine
RtlAnsiStringToUnicodeString
CcPinMappedData
KeInsertHeadQueue
ObQueryNameString
MmProbeAndLockPages
ZwQueryInformationFile
IoFreeMdl
KeQuerySystemTime
IoCheckShareAccess
IoWritePartitionTableEx
ZwOpenFile
IoGetLowerDeviceObject
IoCreateDisk
ZwDeleteValueKey
CcCopyRead
MmFreeContiguousMemory
KeFlushQueuedDpcs
FsRtlIsDbcsInExpression
KeInitializeDeviceQueue
IoWMIWriteEvent
MmSizeOfMdl
RtlDeleteElementGenericTable
KeInitializeDpc
MmUnmapReservedMapping
IoAllocateMdl
IoRegisterFileSystem
RtlDowncaseUnicodeString
MmFreePagesFromMdl
ZwDeleteKey
ZwQueryValueKey
RtlFindClearBits
RtlInt64ToUnicodeString
ObMakeTemporaryObject
KeUnstackDetachProcess
KeRemoveDeviceQueue
KeRegisterBugCheckCallback
IoCheckEaBufferValidity
PsLookupProcessByProcessId
MmUnmapLockedPages
PsIsThreadTerminating
RtlAppendUnicodeToString
RtlInitializeGenericTable
RtlFreeAnsiString
MmAllocatePagesForMdl
PoRegisterSystemState
MmCanFileBeTruncated
CcCanIWrite
KeRemoveEntryDeviceQueue
ZwSetSecurityObject
RtlDeleteRegistryValue
IoGetCurrentProcess
RtlSecondsSince1980ToTime
ExIsProcessorFeaturePresent
IoStartPacket
RtlVerifyVersionInfo
IoGetTopLevelIrp
PsGetCurrentThreadId
ExAllocatePoolWithQuota
MmIsThisAnNtAsSystem
ExSystemTimeToLocalTime
RtlLengthSecurityDescriptor
ExVerifySuite
ExUnregisterCallback
KeInitializeMutex
MmForceSectionClosed
ExAllocatePool
KeDelayExecutionThread
KeEnterCriticalRegion
ZwQuerySymbolicLinkObject
IoReadDiskSignature
RtlCreateRegistryKey
CcDeferWrite
IoCheckQuotaBufferValidity
KeBugCheck
RtlUnicodeStringToAnsiString
MmMapIoSpace
PsGetThreadProcessId
ObOpenObjectByPointer
ZwQueryVolumeInformationFile
KeQueryInterruptTime
MmUnlockPagableImageSection
RtlFreeOemString
IoGetStackLimits
RtlUpcaseUnicodeString
RtlVolumeDeviceToDosName
CcFastMdlReadWait
FsRtlCheckLockForWriteAccess
MmLockPagableDataSection
KeInsertDeviceQueue
IoSetHardErrorOrVerifyDevice
IoAcquireVpbSpinLock
IoRaiseHardError
KeSetEvent
PsGetCurrentProcess
KeBugCheckEx
KeDetachProcess
ExSetResourceOwnerPointer
CcRepinBcb
IoDeleteController

Exports

Exports

?InvalidateMonitorExA@@YGXPAJ~U
?CancelDirectoryEx@@YGFPAF~U
?CrtExpressionExA@@YGPADEPAGK~U
?InstallWindowExW@@YGPAXPADENE~U
?CallValueEx@@YGPAIPAH~U
?AddDateOriginal@@YGXHNPAH~U
?ShowConfigW@@YGPAJI~U
?GenerateProjectOriginal@@YGPAHDKF~U
?IsNotFolderPathOriginal@@YGEPAHPAN~U
?GlobalExpressionNew@@YGDPAN~U
?LoadHeightExW@@YGMG~U
?InsertConfigExW@@YGFPAEDIH~U
?IncrementTaskExW@@YGPAHF~U
?OnOptionExW@@YGPAGEJPAJE~U
?IncrementDateTimeExA@@YGGPAEGHH~U
?FormatFolderExA@@YGPAHI_NM~U
?OnDateExW@@YGIMPAE_N~U
?EnumMutex@@YGXPAGPAJ~U
?EnumModuleA@@YGEIMDJ~U
?GenerateProfileEx@@YGDGPAH~U
?CopyMemoryExA@@YGXPAIPAEPAEK~U
?EnumTaskNew@@YGNJI~U
?RtlDirectoryOriginal@@YGXDPAHK~U
?OnKeyboardA@@YGEIFEI~U
?ShowModuleOriginal@@YGPAHPAI~U
?OnSizeW@@YGKII~U
?CloseDialogExW@@YGKPADPAFJ~U
?IncrementDialogEx@@YGEPAKPAHPAE~U
?GenerateProjectOld@@YG_NHGG~U
?AddSemaphoreNew@@YGHPAMPAM~U
?DecrementDateTimeA@@YGXEPAH~U
?GlobalKeyboardExW@@YGIPAFFGK~U
?InvalidateOptionA@@YGPAXJEH~U
?CallModuleExA@@YGPAIIHIH~U
?PutStringA@@YGPAHN~U

Sections

.text
Size: 30KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 282B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aba9013ee923b851229f39b6319a48e3

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 42KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 282B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 704B

.text
Size: 30KB - Virtual size: 42KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 282B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 704B