13512c54c3fb55a6ecbf6e51a5c402b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13512c54c3fb55a6ecbf6e51a5c402b1_JaffaCakes118
Size

61KB
MD5

13512c54c3fb55a6ecbf6e51a5c402b1
SHA1

f624aed6cc23e36acd1cb0e2407b34c8384b1909
SHA256

86633e9cf74571ae3a42b69cf3970970851c20592327f6308cdde496fe5f01d0
SHA512

2c3b79b986d8734b3bd14352d237992deb2a346abc1f9ef78c34d4e703a374ee9db0a033867e5163930cbcb4746dfb7e7785cf279dbee24eeb7cb520c3561cbe
SSDEEP

1536:5jl/DFfrFK6M303pKJbBpyN0WKBFwT/HwubVRBXIc5e:hRFFvM3q8rEQBFsH9VRBXIc5e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13512c54c3fb55a6ecbf6e51a5c402b1_JaffaCakes118

Files

13512c54c3fb55a6ecbf6e51a5c402b1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

69eadcc1f181e915fbff493139a07c64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\BNwdjtPvjqd\qleNqjsiRoc\hirAeBr.pdb

Imports

ntoskrnl.exe

IoWMIWriteEvent
ZwEnumerateKey
ExDeleteNPagedLookasideList
RtlCopyLuid
IoGetDeviceInterfaces
PoRequestPowerIrp
ExGetExclusiveWaiterCount
ZwLoadDriver
ZwOpenSection
IoRaiseHardError
SeFilterToken
IoGetDeviceProperty
MmUnmapReservedMapping
ObGetObjectSecurity
ZwUnloadDriver
IoSetStartIoAttributes
KeSetPriorityThread
IoCheckEaBufferValidity
ZwOpenKey
CcMdlReadComplete
MmPageEntireDriver
RtlSetAllBits
ExAllocatePool
CcMdlWriteComplete
KeUnstackDetachProcess
RtlInitializeSid
IoIsOperationSynchronous
RtlSubAuthoritySid
IoQueryFileInformation
IoVolumeDeviceToDosName
IoGetStackLimits
WmiQueryTraceInformation
RtlWriteRegistryValue
IoConnectInterrupt
RtlCreateSecurityDescriptor
RtlAnsiCharToUnicodeChar
FsRtlIsDbcsInExpression
RtlTimeToTimeFields
IoThreadToProcess
CcFastCopyWrite
IoAllocateMdl
IoFreeController
IoOpenDeviceRegistryKey
RtlFindLastBackwardRunClear
RtlInitString
KeGetCurrentThread
ProbeForWrite
KeQueryActiveProcessors
ExRegisterCallback
SeQueryAuthenticationIdToken
RtlUpperChar
IoQueueWorkItem
IofCompleteRequest
SeDeleteObjectAuditAlarm
ZwQueryValueKey
IoFreeMdl
CcUnpinDataForThread
RtlVerifyVersionInfo
KeInitializeSpinLock
PsGetProcessId
IoGetBootDiskInformation
RtlFindClearBits
IoReadPartitionTable
RtlInitAnsiString
IoBuildSynchronousFsdRequest
KeInitializeSemaphore
RtlDelete
PsRevertToSelf
IoInvalidateDeviceRelations
IoCreateSynchronizationEvent
KeReadStateEvent
KeEnterCriticalRegion
CcUninitializeCacheMap
KeRevertToUserAffinityThread
RtlAppendStringToString
CcPinMappedData
MmSetAddressRangeModified
FsRtlLookupLastLargeMcbEntry
MmFreeContiguousMemory
ExAcquireFastMutexUnsafe
ExFreePoolWithTag
MmSizeOfMdl
IoCancelIrp
CcUnpinRepinnedBcb
RtlVolumeDeviceToDosName
CcSetBcbOwnerPointer
IoGetDeviceToVerify
RtlCompareString
KdDisableDebugger
ZwQueryInformationFile
IoCsqRemoveIrp
KeRemoveEntryDeviceQueue
RtlCreateAcl
IoFreeErrorLogEntry
RtlSecondsSince1980ToTime
HalExamineMBR
KeInitializeQueue
MmResetDriverPaging
IoGetRelatedDeviceObject
MmUnlockPagableImageSection
MmProbeAndLockPages
ExSetTimerResolution
IoInitializeIrp
ExVerifySuite
FsRtlFreeFileLock
KeLeaveCriticalRegion
IoSetSystemPartition
RtlCheckRegistryKey
FsRtlAllocateFileLock
MmGetSystemRoutineAddress
CcSetDirtyPinnedData
IoGetDeviceAttachmentBaseRef
CcCopyWrite
ZwClose
IoStartPacket
CcRepinBcb
IoReleaseRemoveLockEx
ZwDeleteKey
ExSystemTimeToLocalTime
RtlAreBitsClear
ExAllocatePoolWithQuotaTag
MmBuildMdlForNonPagedPool
ZwOpenFile
RtlUnicodeToOemN
FsRtlCheckLockForWriteAccess
CcIsThereDirtyData
IoCreateSymbolicLink
RtlFindLeastSignificantBit
RtlTimeToSecondsSince1980
KeRegisterBugCheckCallback
RtlSplay
IoFreeWorkItem
ProbeForRead
KeSaveFloatingPointState
KeSetTargetProcessorDpc
RtlGUIDFromString
RtlDeleteRegistryValue
KeAttachProcess
SeImpersonateClientEx
IoCheckShareAccess
KePulseEvent
RtlSecondsSince1970ToTime
IoDisconnectInterrupt
IoAllocateErrorLogEntry
PoRegisterSystemState
ZwQueryVolumeInformationFile
IoGetCurrentProcess
IoRegisterFileSystem
SeReleaseSubjectContext
ExUuidCreate
RtlDeleteNoSplay
PsImpersonateClient
RtlCharToInteger
ZwEnumerateValueKey
ExAcquireResourceSharedLite
PoSetSystemState
MmUnsecureVirtualMemory
ObReferenceObjectByPointer
RtlFindClearRuns
PoCallDriver
PsLookupProcessByProcessId
CcMdlWriteAbort
CcSetFileSizes
IoReleaseRemoveLockAndWaitEx
RtlLengthSecurityDescriptor
PsGetCurrentThreadId
RtlUnicodeStringToOemString
RtlNtStatusToDosError
IoSetPartitionInformation
IoStopTimer
CcZeroData
ExInitializeResourceLite
ObMakeTemporaryObject
KeWaitForSingleObject
ExAllocatePoolWithQuota
KeQueryTimeIncrement
ExQueueWorkItem
IoSetDeviceToVerify
IoReportDetectedDevice
ZwReadFile
IoGetRequestorProcess
IoWritePartitionTableEx
RtlCompareMemory
RtlEnumerateGenericTable
ExIsProcessorFeaturePresent
SeQueryInformationToken
ZwNotifyChangeKey
ExReleaseFastMutexUnsafe
KeSetTimerEx
SeUnlockSubjectContext
ZwFlushKey
IoDeviceObjectType
IoCreateDevice
ZwCreateFile
SeAppendPrivileges
ZwSetValueKey
IoGetLowerDeviceObject
ObQueryNameString
ZwSetSecurityObject
FsRtlNotifyInitializeSync
SeLockSubjectContext
PoUnregisterSystemState
ZwMakeTemporaryObject
MmMapIoSpace
IoGetDiskDeviceObject
RtlSetDaclSecurityDescriptor
RtlAnsiStringToUnicodeString
RtlUpcaseUnicodeString
IoInvalidateDeviceState
KeInitializeDeviceQueue
IoQueryFileDosDeviceName
SeCaptureSubjectContext
RtlDeleteElementGenericTable
RtlFindLongestRunClear
CcPurgeCacheSection
RtlEqualSid
KeInsertDeviceQueue
RtlClearAllBits
RtlRandom
SeAccessCheck
IofCallDriver
IoWMIRegistrationControl
RtlCompareUnicodeString
KeInsertByKeyDeviceQueue
ZwQuerySymbolicLinkObject
ZwQueryKey
RtlEqualString
IoGetAttachedDevice
RtlPrefixUnicodeString
ExLocalTimeToSystemTime
MmIsVerifierEnabled
ObInsertObject
IoReadDiskSignature
FsRtlGetNextFileLock
KeSetSystemAffinityThread
SeValidSecurityDescriptor
MmIsAddressValid
RtlUnicodeStringToInteger
ExReleaseResourceLite
PsReferencePrimaryToken
MmMapLockedPagesSpecifyCache
KeInitializeTimer
CcFlushCache
IoInitializeTimer
RtlInt64ToUnicodeString
SeTokenIsAdmin
RtlValidSid
FsRtlIsHpfsDbcsLegal
FsRtlFastUnlockSingle
RtlFreeAnsiString
KeDelayExecutionThread
FsRtlIsFatDbcsLegal
RtlSetBits
CcPreparePinWrite
MmFreePagesFromMdl
ObfDereferenceObject
RtlStringFromGUID
ExDeletePagedLookasideList
KeInitializeDpc
RtlCopyUnicodeString
FsRtlMdlWriteCompleteDev
MmLockPagableDataSection
IoAcquireVpbSpinLock
IoDeleteDevice
PsTerminateSystemThread
MmAddVerifierThunks

Exports

Exports

?FindTimerOriginal@@YGIPAJEPAKF~U
?CloseChar@@YGFHPAIH~U
?CloseStateExA@@YGEPAG~U
?FindTimeOld@@YGKJPAG~U
?FindProviderExA@@YGXPAMFPAF~U
?FilePath@@YGHG~U
?SendRectExW@@YGPAMPAGPAJ~U
?PointerW@@YGPAMPAJPA_NMPAH~U
?InsertMonitorOld@@YGPA_NPAMPAJ~U
?AddWidthA@@YGXEJGK~U
?SendStateNew@@YGMG~U
?IsValidAnchorNew@@YGJPAKDJ~U
?DecrementProfileA@@YGPAFPAIJPAF~U
?GetProcessA@@YGPAXPAFPAH~U
?CloseScreenNew@@YGMPANFPADJ~U
?GetAnchorExA@@YGPAMDFPAI~U
?OnPointExW@@YGKIGJ~U
?FormatValueExW@@YGPAEK~U
?IsNotWindowInfo@@YGMNHI_N~U
?CancelCommandLineExA@@YGPAJIPAI~U
?LoadScreen@@YGXDI~U
?EnumDate@@YGHDGK~U
?ValidateFilePathOld@@YGFPAMII~U
?SetAppNameW@@YGKPAFPAI~U
?FormatPath@@YGGPAKEK~U
?FormatPenOld@@YGPAKHIPAFPAG~U
?FreeFilePathOld@@YGKN~U
?GetSemaphoreNew@@YGJPANPAG~U
?FindTaskEx@@YGXGI~U
?FindKeyNameExW@@YGIPAIH~U
?CancelTimeEx@@YGHKKK~U
?KillModuleNew@@YGPA_NPAN_N~U
?DeleteThread@@YGXK~U
?PutSectionOriginal@@YGXKDGD~U
?CancelFilePathW@@YGPAXPAMPADM~U
?ModifyFunctionOld@@YGFGPAFH~U

Sections

.text
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 512B - Virtual size: 461B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69eadcc1f181e915fbff493139a07c64

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 41KB

.i_data Size: 1KB - Virtual size: 1KB

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 512B - Virtual size: 461B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 704B

.text
Size: 29KB - Virtual size: 41KB

.i_data
Size: 1KB - Virtual size: 1KB

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 512B - Virtual size: 461B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 704B