3c961e9cf5cbbcd4d5c37912ca0a94ec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3c961e9cf5cbbcd4d5c37912ca0a94ec_JaffaCakes118
Size

442KB
MD5

3c961e9cf5cbbcd4d5c37912ca0a94ec
SHA1

aabd7fc08fcbdb1ca539a01dbbea72751c1eaf77
SHA256

ead3e149f8bb5c4c68768710f17da4cc74613a61b74a22c99250005adf867370
SHA512

e1da463c72d34fa879b826a03eac1ce3cbf8192a8e94616d6ec1f3ed81bdfaa7f51b10593d8d005637bd23ee1c5e72150c23975920fdfec3115c12b28f34e2d7
SSDEEP

6144:e8PiUA5S14zGiYFCrcpvz3GMc9AHkekQQkw4QnlySLGQX2c0X/x3LivK4Zf/QN3S:NPV8jzWVr3Tc9nekQQkwJ7LfIhiVZfqi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c961e9cf5cbbcd4d5c37912ca0a94ec_JaffaCakes118

Files

3c961e9cf5cbbcd4d5c37912ca0a94ec_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a7b38ad19a41b7065b120e547877b5e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\jUUgBmeiEAJitB\gygIuEp\eujjOnBwzLh.pdb

Imports

ntoskrnl.exe

IoUnregisterFileSystem
ZwOpenKey
ZwLoadDriver
SeAppendPrivileges
RtlInitString
RtlInsertUnicodePrefix
IoGetCurrentProcess
FsRtlIsNameInExpression
CcMdlRead
MmAllocateMappingAddress
IoUpdateShareAccess
MmUnlockPagableImageSection
KeAttachProcess
PsImpersonateClient
ZwFsControlFile
KeRundownQueue
FsRtlNotifyInitializeSync
IoAllocateErrorLogEntry
KeInitializeDeviceQueue
KeSetTimer
RtlWriteRegistryValue
RtlEqualString
KeInsertQueueDpc
CcFastMdlReadWait
IoSetDeviceInterfaceState
PoStartNextPowerIrp
SeReleaseSubjectContext
IoSetDeviceToVerify
IoCsqRemoveIrp
RtlDeleteRegistryValue
ZwSetSecurityObject
CcInitializeCacheMap
MmUnsecureVirtualMemory
IoQueryFileDosDeviceName
IoAllocateMdl
ObOpenObjectByPointer
ExSetTimerResolution
IoRegisterDeviceInterface
ObInsertObject
KeSetTargetProcessorDpc
KeReleaseMutex
SeFilterToken
ExGetExclusiveWaiterCount
IoGetRelatedDeviceObject
KeRemoveEntryDeviceQueue
ZwQueryInformationFile
RtlAnsiStringToUnicodeString
ExAllocatePoolWithQuota
FsRtlDeregisterUncProvider
RtlClearBits
PsGetCurrentThreadId
RtlLengthRequiredSid
RtlOemToUnicodeN
ZwPowerInformation
RtlTimeToSecondsSince1970
RtlNtStatusToDosError
SeImpersonateClientEx
RtlInitUnicodeString
KeUnstackDetachProcess
IoAcquireVpbSpinLock
ExRaiseDatatypeMisalignment
KeReadStateMutex
ZwOpenProcess
ObReferenceObjectByPointer
IoRequestDeviceEject
ExDeletePagedLookasideList
RtlCreateSecurityDescriptor
RtlUpcaseUnicodeChar
PsRevertToSelf
ExSystemTimeToLocalTime
ProbeForRead
KeInitializeEvent
IoGetDriverObjectExtension
CcRepinBcb
ZwCreateFile
ZwWriteFile
MmCanFileBeTruncated
IofCompleteRequest
ZwDeleteValueKey
MmUnmapIoSpace
KeFlushQueuedDpcs
CcFastCopyWrite
FsRtlFreeFileLock
RtlxUnicodeStringToAnsiSize
PsReferencePrimaryToken
PoRequestPowerIrp
SeSetSecurityDescriptorInfo
RtlUpperString
KeSetTimerEx
SeOpenObjectAuditAlarm
MmAddVerifierThunks
RtlStringFromGUID
RtlVolumeDeviceToDosName
SeDeleteObjectAuditAlarm
FsRtlCheckOplock
MmGetSystemRoutineAddress
RtlCopySid
ExNotifyCallback
MmFreePagesFromMdl
RtlClearAllBits
ExInitializeResourceLite
IoGetRequestorProcess
HalExamineMBR
MmUnmapReservedMapping
RtlIntegerToUnicodeString
IoFreeController
RtlSubAuthoritySid
RtlFindLongestRunClear
KeSynchronizeExecution
SeQueryInformationToken
MmMapIoSpace
MmIsThisAnNtAsSystem
RtlExtendedIntegerMultiply
CcIsThereDirtyData
KeInitializeTimerEx
ExVerifySuite
MmSetAddressRangeModified
RtlCreateUnicodeString
RtlOemStringToUnicodeString
ZwQueryVolumeInformationFile
IoAcquireCancelSpinLock
MmFreeContiguousMemory
IoDisconnectInterrupt
CcPreparePinWrite
RtlFindClearBits
IoMakeAssociatedIrp
IoCreateDevice
PoUnregisterSystemState
KeReleaseSemaphore
ExRegisterCallback
RtlInitializeBitMap
FsRtlCheckLockForWriteAccess
ObfDereferenceObject
ObReferenceObjectByHandle
KdEnableDebugger
RtlAppendStringToString
DbgPrompt
KeEnterCriticalRegion
KeRemoveQueueDpc
PsCreateSystemThread
RtlUnicodeStringToInteger
KeRemoveByKeyDeviceQueue
RtlIsNameLegalDOS8Dot3
ZwOpenFile
RtlDeleteElementGenericTable
ExLocalTimeToSystemTime
KeWaitForMultipleObjects
FsRtlIsTotalDeviceFailure
IoQueryDeviceDescription
RtlGUIDFromString
RtlCopyUnicodeString
IoCancelIrp
PsGetProcessExitTime
MmAllocatePagesForMdl
KeDetachProcess
RtlHashUnicodeString
IoInitializeIrp
RtlRemoveUnicodePrefix
RtlQueryRegistryValues
RtlFreeOemString
RtlInitializeSid
SeCreateClientSecurity
CcPinRead
SeSinglePrivilegeCheck
KeInitializeTimer
MmFreeNonCachedMemory
KeInsertHeadQueue
KeDelayExecutionThread
ZwCreateKey
ObfReferenceObject
MmHighestUserAddress
RtlUpperChar
RtlCompareMemory
SeValidSecurityDescriptor
CcUnpinData
KeQueryInterruptTime
RtlMapGenericMask
IoAllocateWorkItem
RtlInitializeUnicodePrefix
KeRemoveDeviceQueue
KeSetSystemAffinityThread
CcPurgeCacheSection
RtlDelete
FsRtlIsHpfsDbcsLegal
SePrivilegeCheck
RtlNumberOfClearBits
IofCallDriver
IoDeleteDevice
CcUnpinRepinnedBcb
CcUnpinDataForThread
MmProbeAndLockPages
IoGetDeviceAttachmentBaseRef
RtlFindSetBits
ZwSetVolumeInformationFile
KeRemoveQueue
RtlUnicodeStringToAnsiString
CcSetDirtyPinnedData
ExReinitializeResourceLite
ExAcquireResourceSharedLite
IoReleaseVpbSpinLock
KeDeregisterBugCheckCallback
ExAllocatePoolWithQuotaTag
KeSetBasePriorityThread
IoGetDeviceProperty
FsRtlCheckLockForReadAccess
KeInitializeSpinLock
MmFreeMappingAddress
PsSetLoadImageNotifyRoutine
IoSetTopLevelIrp
KeGetCurrentThread
KeInsertByKeyDeviceQueue
PoCallDriver
MmQuerySystemSize
RtlLengthSecurityDescriptor
IoStartPacket
IoConnectInterrupt
CcSetReadAheadGranularity
ObCreateObject
KeRegisterBugCheckCallback
ExFreePoolWithTag
PsChargeProcessPoolQuota
IoCreateSynchronizationEvent
PoRegisterSystemState
IoReadDiskSignature
IoRemoveShareAccess
KeLeaveCriticalRegion
IoCheckQuotaBufferValidity
IoCreateStreamFileObject
IoReleaseCancelSpinLock
KeQuerySystemTime
IoVerifyVolume
RtlEqualSid
IoFreeIrp
RtlFindClearRuns
MmIsDriverVerifying
ZwDeviceIoControlFile
ZwEnumerateValueKey
PsGetThreadProcessId
ZwCreateDirectoryObject
KeRevertToUserAffinityThread
RtlGenerate8dot3Name
IoQueryFileInformation
SeTokenIsAdmin
RtlVerifyVersionInfo
RtlCopyString
ObQueryNameString
ZwSetValueKey
KdDisableDebugger
PsLookupProcessByProcessId
RtlSetBits
CcCanIWrite
RtlDeleteNoSplay
KeInitializeQueue
ZwMakeTemporaryObject
CcGetFileObjectFromBcb
RtlUnicodeStringToOemString
FsRtlLookupLastLargeMcbEntry
CcSetFileSizes
KeCancelTimer

Exports

Exports

?SendSizeW@@YGMFM<V
?FormatArgumentNew@@YGXPAK<V
?InvalidateThreadExW@@YGPAGGNPAEPAD<V
?ShowClassNew@@YGPAGF<V
?ShowHeightExA@@YGFPAFHEPAI<V
?CopyClassW@@YGDPAM<V

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7b38ad19a41b7065b120e547877b5e6

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 10KB - Virtual size: 37KB

.reloc Size: 1024B - Virtual size: 792B

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 10KB - Virtual size: 37KB

.reloc
Size: 1024B - Virtual size: 792B