280e5f070e2be6d9482ea9fbd363c780_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

280e5f070e2be6d9482ea9fbd363c780_JaffaCakes118
Size

183KB
MD5

280e5f070e2be6d9482ea9fbd363c780
SHA1

4aa441b7d878262bf7e50e44e4c60f817c669487
SHA256

a78fce6e0c87879aa0ad60d1c28368d954bc1f4903a2dedfa191afe54e8cb9aa
SHA512

63bcfeefffb9d5d9fdd57fc86e9ebffe1d3ff781b67313cb7cb0758f70d43653d5e603cd9b07c32ac5894a2ea0c0394f70382db45832d73bab020b6584d3ba26
SSDEEP

3072:C2cKOCTQZMdA3Vb17g0CEegfexWlyK4yOTFO+HLJJedbVTQiJTfZl:i4QUA3VhN8gACyZTFOELDqTJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
280e5f070e2be6d9482ea9fbd363c780_JaffaCakes118

Files

280e5f070e2be6d9482ea9fbd363c780_JaffaCakes118
.dll windows:6 windows x86 arch:x86

1ac412e17701d2f1b92dbb7e7ed5320c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

IoCreateDisk
IofCompleteRequest
IoBuildSynchronousFsdRequest
IoWMIRegistrationControl
ExGetSharedWaiterCount
CcFastMdlReadWait
SeTokenIsAdmin
RtlDowncaseUnicodeString
SeReleaseSubjectContext
RtlAddAccessAllowedAceEx
FsRtlSplitLargeMcb
IoQueryFileInformation
MmProbeAndLockPages
KdEnableDebugger
CcFastCopyWrite
CcDeferWrite
MmCanFileBeTruncated
ZwDeviceIoControlFile
ZwWriteFile
RtlFindLastBackwardRunClear
RtlFindLongestRunClear
PsImpersonateClient
IoDeleteController
ZwQuerySymbolicLinkObject
ExFreePoolWithTag
IoUpdateShareAccess
SeOpenObjectAuditAlarm
ZwFreeVirtualMemory
IoReuseIrp
RtlGenerate8dot3Name
IoGetDeviceInterfaceAlias
HalExamineMBR
ExRegisterCallback
KeDeregisterBugCheckCallback
SeUnlockSubjectContext
ExUuidCreate
RtlDeleteRegistryValue
MmUnmapLockedPages
ZwSetSecurityObject
RtlCopyLuid
PsGetCurrentProcess
CcUnpinRepinnedBcb
PsReturnPoolQuota
IoReleaseVpbSpinLock
IoStartPacket
ProbeForRead
PsChargeProcessPoolQuota
CcPinRead
IoReadPartitionTable
RtlInitializeBitMap
IoAllocateErrorLogEntry
MmSizeOfMdl
RtlInt64ToUnicodeString
RtlRandom
VerSetConditionMask
IoEnumerateDeviceObjectList
RtlFindClearRuns
ExInitializeResourceLite
ZwDeleteKey
IoInitializeTimer
RtlUnicodeToMultiByteN
CcMdlRead
RtlUnicodeStringToOemString
CcSetReadAheadGranularity
IoIsSystemThread
ZwOpenKey
PsTerminateSystemThread
RtlFindClearBits
ExCreateCallback
FsRtlCheckOplock
ZwNotifyChangeKey
FsRtlIsFatDbcsLegal
KeSaveFloatingPointState
IoGetDeviceAttachmentBaseRef
IoDeviceObjectType
RtlCopyString
RtlEqualString
MmPageEntireDriver
CcRepinBcb
MmBuildMdlForNonPagedPool
IoWriteErrorLogEntry
IoSetThreadHardErrorMode
FsRtlFreeFileLock
RtlxAnsiStringToUnicodeSize
KePulseEvent
IoDetachDevice
RtlCopySid
IoVerifyVolume
IoGetStackLimits
KeReleaseSemaphore
ExAcquireFastMutexUnsafe
IoSetDeviceToVerify
KeInitializeMutex
RtlInitAnsiString
ZwQueryKey
SeFreePrivileges
CcGetFileObjectFromBcb
IoDisconnectInterrupt
MmMapUserAddressesToPage
ExRaiseAccessViolation
IoBuildPartialMdl
IoSetStartIoAttributes
MmIsThisAnNtAsSystem
RtlAreBitsSet
IoFreeController
PsReferencePrimaryToken
KeInitializeDeviceQueue
KeInitializeTimer
ZwOpenFile
RtlSetDaclSecurityDescriptor
KeSetBasePriorityThread
KeSetTargetProcessorDpc
ExDeleteNPagedLookasideList
ObOpenObjectByPointer
KeReadStateSemaphore
ZwFsControlFile
ObQueryNameString
FsRtlGetNextFileLock
MmAdvanceMdl
RtlVerifyVersionInfo
MmAllocateMappingAddress
KeResetEvent
IoGetTopLevelIrp
IoCheckQuotaBufferValidity
RtlSubAuthoritySid
CcIsThereDirtyData
IoGetDeviceInterfaces
FsRtlNotifyUninitializeSync
IofCallDriver
KeWaitForMultipleObjects
RtlValidSecurityDescriptor
KeBugCheck
IoGetDeviceToVerify
CcCanIWrite
ExDeleteResourceLite
SeLockSubjectContext
KeRevertToUserAffinityThread
CcUninitializeCacheMap
RtlVolumeDeviceToDosName
ZwSetVolumeInformationFile
RtlInitString
IoGetDmaAdapter
RtlInitializeGenericTable
MmIsVerifierEnabled
RtlMapGenericMask
ObReleaseObjectSecurity
IoWritePartitionTableEx
ZwCreateEvent
PsGetCurrentProcessId
KeReadStateMutex
FsRtlAllocateFileLock
IoIsWdmVersionAvailable
IoSetShareAccess
RtlUpcaseUnicodeToOemN
CcCopyRead
ObMakeTemporaryObject
ZwMakeTemporaryObject
KeSetSystemAffinityThread
IoFreeMdl
PsLookupThreadByThreadId
MmHighestUserAddress
IoSetDeviceInterfaceState
MmIsAddressValid
IoReportResourceForDetection
MmMapIoSpace
SeSinglePrivilegeCheck
PoRegisterSystemState
PoCallDriver
DbgPrompt
IoRequestDeviceEject
KeInitializeQueue
RtlCreateSecurityDescriptor
FsRtlLookupLastLargeMcbEntry
IoRemoveShareAccess
FsRtlMdlWriteCompleteDev
RtlLengthSid
RtlInitUnicodeString
CcSetFileSizes
SeSetSecurityDescriptorInfo
ExReleaseFastMutexUnsafe
ExAcquireResourceSharedLite
KeInsertHeadQueue
KeGetCurrentThread
RtlInitializeUnicodePrefix
RtlAnsiCharToUnicodeChar
MmMapLockedPagesSpecifyCache
IoSetPartitionInformation
IoReadDiskSignature
PoRequestPowerIrp
ExVerifySuite
IoReadPartitionTableEx
KeSynchronizeExecution
ExGetPreviousMode
RtlAppendStringToString
RtlSetBits
FsRtlDeregisterUncProvider
RtlHashUnicodeString
ExGetExclusiveWaiterCount
FsRtlIsHpfsDbcsLegal
ObfReferenceObject
ObfDereferenceObject
KeInitializeApc
RtlUpperChar
KeQueryTimeIncrement
RtlPrefixUnicodeString
IoGetLowerDeviceObject
RtlGUIDFromString
PsIsThreadTerminating
ExIsProcessorFeaturePresent
MmForceSectionClosed
ExQueueWorkItem
RtlTimeToSecondsSince1980
CcFastCopyRead
PsGetVersion
PoUnregisterSystemState
KeReadStateEvent
KeInitializeSemaphore
RtlCharToInteger
FsRtlIsTotalDeviceFailure
ZwCreateDirectoryObject
RtlFindSetBits
CcMdlWriteComplete
KeQueryInterruptTime
RtlMultiByteToUnicodeN
IoGetRequestorProcessId
IoReleaseCancelSpinLock
ObInsertObject
IoCreateSymbolicLink
ZwOpenSymbolicLinkObject
IoCancelIrp
RtlWriteRegistryValue
IoCreateStreamFileObjectLite
RtlNtStatusToDosError
MmLockPagableDataSection
SeDeassignSecurity
RtlValidSid
RtlNumberOfClearBits
RtlxOemStringToUnicodeSize
RtlUnicodeStringToInteger
MmFreeMappingAddress
PsRevertToSelf
RtlxUnicodeStringToAnsiSize
ZwMapViewOfSection
RtlEqualSid
PsGetThreadProcessId
ObGetObjectSecurity
IoGetDiskDeviceObject
IoGetRequestorProcess
IoAllocateIrp
FsRtlCheckLockForWriteAccess
DbgBreakPointWithStatus
IoDeleteDevice
RtlTimeToTimeFields
IoInvalidateDeviceState
RtlCreateRegistryKey
ZwQueryValueKey
IoGetBootDiskInformation
IoSetHardErrorOrVerifyDevice
KeReleaseMutex
IoCreateSynchronizationEvent
RtlFindNextForwardRunClear
KeRemoveEntryDeviceQueue
KeSetEvent

Exports

Exports

?ClearOprj3@@YG_KPAX@Z
?Comerh3@@YG_KPAX@Z
?Consist34@@YG_KPAX@Z
?FantasticDay@@YG_KPAX@Z
?MeasureWeight@@YG_KPAX@Z
?Rollej2@@YG_KPAX@Z
?RollinUp@@YG_KPAX@Z
?Seropk2@@YG_KPAX@Z

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.run
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.irun
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 512B - Virtual size: 317B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qwode
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bist
Size: 512B - Virtual size: 331B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prun
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mode
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eode
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aode
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ac412e17701d2f1b92dbb7e7ed5320c

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.run Size: 1KB - Virtual size: 1KB

.irun Size: 7KB - Virtual size: 6KB

.debug Size: 512B - Virtual size: 317B

.qwode Size: 512B - Virtual size: 64B

.bist Size: 512B - Virtual size: 331B

.prun Size: 11KB - Virtual size: 11KB

.data Size: 6KB - Virtual size: 15KB

.mode Size: 6KB - Virtual size: 5KB

.eode Size: 6KB - Virtual size: 5KB

.aode Size: 3KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: 6KB - Virtual size: 5KB

.run
Size: 1KB - Virtual size: 1KB

.irun
Size: 7KB - Virtual size: 6KB

.debug
Size: 512B - Virtual size: 317B

.qwode
Size: 512B - Virtual size: 64B

.bist
Size: 512B - Virtual size: 331B

.prun
Size: 11KB - Virtual size: 11KB

.data
Size: 6KB - Virtual size: 15KB

.mode
Size: 6KB - Virtual size: 5KB

.eode
Size: 6KB - Virtual size: 5KB

.aode
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 512B - Virtual size: 316B