3d5306b1b9eef025b6f7977758d4447d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d5306b1b9eef025b6f7977758d4447d_JaffaCakes118
Size

106KB
MD5

3d5306b1b9eef025b6f7977758d4447d
SHA1

71734b8cd33f0b82c6aec63e5f467438604ef2ea
SHA256

f024f6fd1ee07349612ebcab0943845c053a58054dc2dc7242021c1bf31ff0eb
SHA512

0af69df02f1bee120d84747ef0c9ec665a454e4d419f0f5f35a2796d1f2b404c332d8e858c619b08165db0064c4b615efa144a90bd81f47aae7aea75ad128e4e
SSDEEP

3072:h+HLTpDXV6sCv9ORt/DwjJkNcbzCIVnijEN:sHXpDAsIORt/WJzCEim

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d5306b1b9eef025b6f7977758d4447d_JaffaCakes118

Files

3d5306b1b9eef025b6f7977758d4447d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bbbf2c121699e8bd3b2ed10d56b70a25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\CfekRrM\Fommiho\ihGqgIYHvkTT\ittwitqhun\wmvhxdhouYusPa.pdb

Imports

ntoskrnl.exe

SePrivilegeCheck
RtlStringFromGUID
MmMapIoSpace
IoAllocateWorkItem
RtlEqualSid
KeClearEvent
KeInitializeTimer
RtlFreeAnsiString
ZwReadFile
ObfReferenceObject
CcMdlWriteComplete
IoOpenDeviceRegistryKey
ExFreePoolWithTag
IoAllocateErrorLogEntry
SeLockSubjectContext
KeRestoreFloatingPointState
CcMapData
FsRtlNotifyInitializeSync
KeReleaseMutex
ZwOpenFile
MmPageEntireDriver
KeInitializeApc
ExVerifySuite
ExNotifyCallback
KeAttachProcess
RtlAreBitsSet
MmUnmapIoSpace
RtlCopyString
RtlCreateAcl
ExUnregisterCallback
CcFastMdlReadWait
RtlInitAnsiString
ExAllocatePoolWithQuota
RtlExtendedIntegerMultiply
IoAllocateAdapterChannel
IoSetDeviceInterfaceState
IoCheckShareAccess
KeUnstackDetachProcess
RtlInitUnicodeString
SeAppendPrivileges
ZwSetSecurityObject
RtlInsertUnicodePrefix
IoAcquireVpbSpinLock
IoGetDeviceInterfaceAlias
IoInitializeTimer
IoWMIWriteEvent
ObCreateObject
IoSetPartitionInformation
RtlFindUnicodePrefix
SeSetSecurityDescriptorInfo
KeReadStateEvent
ZwOpenSection
KeInitializeSemaphore
ZwClose
CcUnpinDataForThread
RtlDelete
IoDeviceObjectType
RtlAppendUnicodeToString
CcIsThereDirtyData
IoGetStackLimits
CcFastCopyRead
ZwQuerySymbolicLinkObject
ExGetExclusiveWaiterCount
KeReadStateMutex
PsTerminateSystemThread
CcCopyWrite
IoQueueWorkItem
MmSizeOfMdl
IoGetDeviceObjectPointer
KeReadStateTimer
KeSetBasePriorityThread
IoMakeAssociatedIrp
FsRtlIsNameInExpression
CcPreparePinWrite
FsRtlCheckOplock
PsIsThreadTerminating
ZwCreateDirectoryObject
MmIsDriverVerifying
PoUnregisterSystemState
MmIsVerifierEnabled
ObOpenObjectByPointer
KeInitializeDpc
IoAcquireRemoveLockEx
IoSetStartIoAttributes
MmBuildMdlForNonPagedPool
ExLocalTimeToSystemTime
MmGetPhysicalAddress
RtlPrefixUnicodeString
IoWMIRegistrationControl
IoInitializeRemoveLockEx
IoVerifyVolume
PoSetSystemState
IoReadPartitionTable
ExDeleteResourceLite
RtlFindMostSignificantBit
FsRtlMdlWriteCompleteDev
ExInitializeResourceLite
KeCancelTimer
ObReferenceObjectByPointer
ZwNotifyChangeKey
IoGetDeviceAttachmentBaseRef
RtlCompareString
RtlEqualString
RtlUpcaseUnicodeToOemN
RtlValidSid
SeValidSecurityDescriptor
IoRegisterDeviceInterface
RtlClearAllBits
IoIsSystemThread
PsLookupProcessByProcessId
RtlClearBits
RtlUnicodeStringToAnsiString
RtlGetNextRange
RtlFindClearRuns
RtlMultiByteToUnicodeN
KeInsertHeadQueue
SeDeleteObjectAuditAlarm
ExAcquireFastMutexUnsafe
RtlSecondsSince1970ToTime
CcUninitializeCacheMap
RtlAnsiStringToUnicodeString
ZwSetValueKey
ZwLoadDriver
CcZeroData
IoSetPartitionInformationEx
IoReportDetectedDevice
ZwEnumerateValueKey
ZwFsControlFile
ZwCreateFile
MmQuerySystemSize
ObReferenceObjectByHandle
IoRaiseHardError
KeFlushQueuedDpcs
RtlAnsiCharToUnicodeChar
ZwMakeTemporaryObject
CcDeferWrite
SeReleaseSubjectContext
KeInsertDeviceQueue
MmAllocatePagesForMdl
IoStartPacket
IoReadDiskSignature
IoGetAttachedDeviceReference
SeQueryInformationToken
IoGetDeviceToVerify
CcSetFileSizes
IoGetLowerDeviceObject
IoDeleteController
RtlRemoveUnicodePrefix
RtlInitializeUnicodePrefix
PsGetCurrentThreadId
KeQueryActiveProcessors
ExSetTimerResolution
RtlInitString
MmFlushImageSection
KeRemoveQueueDpc
PoStartNextPowerIrp
RtlLengthSid
KeBugCheckEx
MmIsThisAnNtAsSystem
SeTokenIsAdmin
KeInsertByKeyDeviceQueue
KeSetEvent
RtlSplay
MmFreeMappingAddress
IoDisconnectInterrupt
MmGetSystemRoutineAddress
IoQueryFileInformation
RtlAppendStringToString
CcPinMappedData
KeRemoveEntryDeviceQueue
IoFreeWorkItem
SeSinglePrivilegeCheck
RtlHashUnicodeString
ProbeForRead
RtlInt64ToUnicodeString
MmCanFileBeTruncated
PoCallDriver
ObQueryNameString
IoDeleteDevice
RtlSetDaclSecurityDescriptor
MmSetAddressRangeModified
RtlIntegerToUnicodeString
IoThreadToProcess
KeResetEvent
IoEnumerateDeviceObjectList
ZwPowerInformation
ExDeleteNPagedLookasideList
IoCreateNotificationEvent
RtlValidSecurityDescriptor
MmMapLockedPages
RtlUpcaseUnicodeString
RtlTimeToTimeFields
RtlInitializeBitMap
KeSaveFloatingPointState
ZwOpenProcess
MmAllocateContiguousMemory
FsRtlIsHpfsDbcsLegal
IoCreateSynchronizationEvent
FsRtlSplitLargeMcb
IoCreateStreamFileObjectLite
CcFastCopyWrite
RtlFindLeastSignificantBit
RtlFindLastBackwardRunClear
KeQueryInterruptTime
IoGetDeviceInterfaces
RtlIsNameLegalDOS8Dot3
ExRaiseAccessViolation
MmSecureVirtualMemory
FsRtlFreeFileLock
SeCaptureSubjectContext
ExReleaseFastMutexUnsafe
CcMdlRead
ExAllocatePool
RtlFreeUnicodeString
RtlUpcaseUnicodeChar
KeInitializeMutex
PoSetPowerState
KeSetPriorityThread
KeDetachProcess
RtlFindNextForwardRunClear
IoReadPartitionTableEx
MmAllocateMappingAddress
SeFilterToken
RtlCompareMemory
IoVerifyPartitionTable
PsGetProcessId
KeInitializeDeviceQueue
RtlVerifyVersionInfo
CcPinRead
IoGetDmaAdapter
KeInsertQueueDpc
RtlOemStringToUnicodeString
KeSetTimerEx
IoAllocateMdl
KeRevertToUserAffinityThread
ZwWriteFile
IoSetSystemPartition
MmProbeAndLockProcessPages
ExCreateCallback
MmLockPagableSectionByHandle
KePulseEvent
RtlUpperChar
IoGetAttachedDevice
IoCreateFile
PsLookupThreadByThreadId
RtlSubAuthoritySid
IoRegisterFileSystem
MmResetDriverPaging
CcSetReadAheadGranularity
KeSetImportanceDpc
KeGetCurrentThread
ExDeletePagedLookasideList
RtlDowncaseUnicodeString
ExSetResourceOwnerPointer

Exports

Exports

?OnExpressionA@@YGPAJDPAK~U
?PutClass@@YGKEDD~U
?FreeWindowW@@YGPAXM~U
?IsValidProjectW@@YGGDM~U
?StateNew@@YGDPA_NPAGM~U
?CloseSizeEx@@YGK_NI~U
?InsertListItemA@@YGEK~U
?InstallWindowInfoNew@@YGXK~U
?RtlWindowEx@@YGPAFGIIK~U
?IsDialog@@YGPAIFJK~U
?KillOptionExA@@YGNMPAFDPAM~U
?ShowWidthW@@YGPAIPAFD~U
?ShowAppName@@YGEPAE~U
?IncrementDirectoryNew@@YGJPAIPAHD~U
?LoadMemoryExW@@YGJDPANPAII~U
?FindValueW@@YGJD~U
?RtlStringExA@@YGJNPAIFPAF~U
?CallListItemExA@@YGDPAM~U
?CopyAnchor@@YGPAMKNMPAF~U
?CallCommandLine@@YGDN~U
?IsNotProviderExW@@YGHJ~U
?DecrementTaskEx@@YGPAHHKM~U
?AddPointer@@YGKPAE~U
?GenerateObject@@YGPAFN~U
?PutListItemExW@@YGPAMPANFPAKG~U
?FindWindowInfoOld@@YGPAMPAE~U
?InvalidateTextEx@@YGEPAHKPAI~U
?FindHeaderOld@@YGKD~U
?GetCommandLineOld@@YGPAHDPANNI~U
?FindValueNew@@YGED~U
?AddTextW@@YGNH~U
?InvalidateDevice@@YGJPAGMMK~U
?GenerateDeviceOriginal@@YG_NPADGPAHD~U
?DeleteWindowInfoOld@@YGDPAK~U
?GenerateEventExW@@YGGMDGE~U
?CrtMutexEx@@YGX_NDPA_N~U

Sections

.text
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i_data
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e_data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hosta
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hostb
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hostd
Size: 1024B - Virtual size: 693B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbbf2c121699e8bd3b2ed10d56b70a25

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 42KB

.i_data Size: 1024B - Virtual size: 1020B

.e_data Size: 1KB - Virtual size: 1KB

.hostc Size: 512B - Virtual size: 28B

.hosta Size: 512B - Virtual size: 44B

.hostb Size: 512B - Virtual size: 44B

.hostd Size: 1024B - Virtual size: 693B

.data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 700B

.text
Size: 29KB - Virtual size: 42KB

.i_data
Size: 1024B - Virtual size: 1020B

.e_data
Size: 1KB - Virtual size: 1KB

.hostc
Size: 512B - Virtual size: 28B

.hosta
Size: 512B - Virtual size: 44B

.hostb
Size: 512B - Virtual size: 44B

.hostd
Size: 1024B - Virtual size: 693B

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 700B