27f6e4eae9e68822f0febb8e4d184420_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27f6e4eae9e68822f0febb8e4d184420_JaffaCakes118
Size

183KB
MD5

27f6e4eae9e68822f0febb8e4d184420
SHA1

714bea5605a362e0ebec24b8dadfb5ccb2f52668
SHA256

cf4871a67a342a720f19ee411ed17c21fab42b5bbbde118fb378bd4651333e8e
SHA512

2ff1c994b61d9f59167de91324e0394d25c2f09c546c2eaf2607e8813416089ecd933bd1fe0e62679b2df32bc4a325532e05640ce3d622226d3b75e9816ec171
SSDEEP

3072:50EsuqTAH/upQXCeJ4//E+7mslheiHsI/U+owztYcegkZq9lz7VOfy+1iVyEdQlo:5HsuqkfuWdJ4nE+a6hgiU+dOgaq9lz7L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27f6e4eae9e68822f0febb8e4d184420_JaffaCakes118

Files

27f6e4eae9e68822f0febb8e4d184420_JaffaCakes118
.dll windows:5 windows x86 arch:x86

481ffb1f4aabdcb920afd0797b455cd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\koKPykT\ihqbsrAaZPohr\DhJzpwkeIUqTe\jdBgatneKavEgZ\BxeBuiObEjt.pdb

Imports

ntoskrnl.exe

IoAllocateWorkItem
CcMdlWriteAbort
ExGetExclusiveWaiterCount
VerSetConditionMask
ZwOpenSection
RtlInitString
IoSetPartitionInformationEx
IoDeviceObjectType
FsRtlLookupLastLargeMcbEntry
RtlxOemStringToUnicodeSize
MmFreeMappingAddress
CcFastMdlReadWait
ExRaiseDatatypeMisalignment
IoGetLowerDeviceObject
RtlVerifyVersionInfo
KeReadStateTimer
ExReinitializeResourceLite
PsGetProcessExitTime
FsRtlNotifyUninitializeSync
MmAddVerifierThunks
IoRegisterDeviceInterface
ZwCreateKey
IoCreateStreamFileObjectLite
ExDeleteNPagedLookasideList
CcMdlReadComplete
CcCopyWrite
RtlSplay
IoGetRequestorProcessId
ObQueryNameString
KeReleaseSemaphore
MmProbeAndLockPages
SeTokenIsAdmin
KeWaitForSingleObject
RtlUnicodeToMultiByteN
KeSetEvent
CcPurgeCacheSection
MmCanFileBeTruncated
IoVolumeDeviceToDosName
RtlUnicodeStringToAnsiString
ExAcquireFastMutexUnsafe
IoDeleteSymbolicLink
RtlFreeUnicodeString
PoSetSystemState
RtlFindSetBits
KeFlushQueuedDpcs
ZwOpenProcess
ZwQueryValueKey
IoAllocateAdapterChannel
SeTokenIsRestricted
ZwFreeVirtualMemory
KefAcquireSpinLockAtDpcLevel
IoInitializeIrp
RtlFreeAnsiString
MmQuerySystemSize
FsRtlDeregisterUncProvider
IoGetCurrentProcess
IoCheckShareAccess
ZwClose
ProbeForRead
KeInitializeSpinLock
IoGetDeviceProperty
RtlCreateSecurityDescriptor
KeDetachProcess
RtlFreeOemString
CcSetReadAheadGranularity
RtlTimeToTimeFields
RtlInitAnsiString
KeGetCurrentThread
ZwUnloadDriver
KeUnstackDetachProcess
MmMapUserAddressesToPage
MmAllocatePagesForMdl
ExVerifySuite
MmAllocateMappingAddress
RtlIntegerToUnicodeString
RtlUnicodeStringToOemString
RtlAddAccessAllowedAce
IoRequestDeviceEject
IoRegisterFileSystem
FsRtlFastCheckLockForRead
RtlxUnicodeStringToAnsiSize
FsRtlMdlWriteCompleteDev

Exports

Exports

?CancelListItemOld@@YGPAXHHG<V
?DeleteCommandLineExA@@YGPAMPAG<V
?InvalidateWindowInfoExW@@YG_NJF<V
?CloseObjectExA@@YGPAXPADPAIGM<V
?InstallFunctionExA@@YGPAFNE<V
?InstallEventNew@@YGHHM<V

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

481ffb1f4aabdcb920afd0797b455cd3

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 5KB - Virtual size: 26KB

.reloc Size: 1024B - Virtual size: 840B

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 26KB

.reloc
Size: 1024B - Virtual size: 840B