5438e93094b26003ba338607c14a6510_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5438e93094b26003ba338607c14a6510_JaffaCakes118
Size

135KB
MD5

5438e93094b26003ba338607c14a6510
SHA1

80013b296b71d4665be75c311be3c5068926d3ab
SHA256

34030b142d21b3ca6f6f1a1eec534ebf27b394962f2444cb4ec1a165b6690206
SHA512

383878c465b56d2e2a271645dc2029f5e9177323da92f7f84c4be66b9eeed944016f49950317120722af1f34c373db1a3ca60ac86c3c535dc9bf7074e2bf7ffe
SSDEEP

3072:sQGaVczyAjTArL2if1wcInj8xlGYd0ct0j24z3pGNBFKXU3Wao:sQGnzywI6if6dnj8yY+ch4z3wFKX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5438e93094b26003ba338607c14a6510_JaffaCakes118

Files

5438e93094b26003ba338607c14a6510_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f685a85735bf032bcf52957e8015b615

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\etjshUj\YAMLfpyczxPuzE\NymSyfsDV.pdb

Imports

ntoskrnl.exe

RtlTimeFieldsToTime
IoAllocateWorkItem
FsRtlCheckLockForWriteAccess
CcMdlReadComplete
ZwAllocateVirtualMemory
PsIsThreadTerminating
ExDeleteNPagedLookasideList
CcFastMdlReadWait
RtlInitUnicodeString
IoSetPartitionInformation
IoDetachDevice
ZwOpenFile
PsDereferencePrimaryToken
ObReferenceObjectByHandle
KeWaitForSingleObject
IoVerifyPartitionTable
KeInitializeQueue
MmMapUserAddressesToPage
MmAllocateMappingAddress
IoDeleteDevice
ZwWriteFile
PoCallDriver
IoCheckEaBufferValidity
IoWMIWriteEvent
IoDisconnectInterrupt
ExAcquireResourceSharedLite
IoGetDeviceToVerify
ZwUnloadDriver
IoSetShareAccess
RtlFillMemoryUlong
IoInitializeRemoveLockEx
PsReturnPoolQuota
RtlSplay
KeRemoveEntryDeviceQueue
IoCancelIrp
IoAcquireRemoveLockEx
RtlCreateUnicodeString
KeInsertByKeyDeviceQueue
ExNotifyCallback
IoConnectInterrupt
KeInsertQueueDpc
RtlVerifyVersionInfo
IoRaiseHardError
PsGetCurrentProcessId
ObReleaseObjectSecurity
KeRemoveQueueDpc
RtlCreateSecurityDescriptor
RtlCheckRegistryKey
MmUnmapReservedMapping
KeClearEvent
ObCreateObject
RtlEqualSid
RtlxAnsiStringToUnicodeSize
RtlRandom
RtlUpcaseUnicodeString
PsGetProcessId
RtlxUnicodeStringToAnsiSize
RtlFindClearBitsAndSet
RtlCopySid
RtlFindLastBackwardRunClear
IoReleaseRemoveLockEx
KeBugCheckEx
ExCreateCallback
ObGetObjectSecurity
SeAssignSecurity
KeCancelTimer
IoAllocateController
PoRequestPowerIrp
IoQueryFileDosDeviceName
PsImpersonateClient
IoAllocateMdl
RtlInitializeUnicodePrefix
ZwOpenProcess
CcInitializeCacheMap
IoDeviceObjectType
RtlValidSid
RtlNtStatusToDosError
IoStopTimer
KeInitializeMutex
IoAcquireVpbSpinLock
RtlCharToInteger
IoSetStartIoAttributes
IoCreateFile
RtlInt64ToUnicodeString
RtlLengthSecurityDescriptor
FsRtlNotifyUninitializeSync
IoReleaseRemoveLockAndWaitEx
CcCanIWrite
IoIsOperationSynchronous
ZwClose
IoWritePartitionTableEx
IoFreeWorkItem
MmUnsecureVirtualMemory
RtlPrefixUnicodeString
MmAddVerifierThunks
ZwLoadDriver
KeDelayExecutionThread
FsRtlIsDbcsInExpression
IoInitializeTimer
SeReleaseSubjectContext
RtlSecondsSince1980ToTime
CcIsThereDirtyData
MmFreeNonCachedMemory
MmFreeContiguousMemory
ZwFreeVirtualMemory
KeSetEvent
MmFreeMappingAddress
MmSecureVirtualMemory
RtlUnicodeToOemN
RtlDowncaseUnicodeString
IoStartNextPacket
DbgBreakPoint
KeInitializeTimerEx
CcFastCopyRead
KeSetTargetProcessorDpc
IoIsSystemThread
KeInitializeEvent
RtlFreeUnicodeString
RtlUpcaseUnicodeChar
KeQueryInterruptTime
ZwOpenSymbolicLinkObject
RtlFindNextForwardRunClear
IoAllocateErrorLogEntry
PsLookupThreadByThreadId
SeLockSubjectContext
ExLocalTimeToSystemTime
RtlFindLongestRunClear
RtlIntegerToUnicodeString
PoUnregisterSystemState
RtlEqualUnicodeString
IoGetCurrentProcess
RtlUnicodeStringToOemString
IoEnumerateDeviceObjectList
IoWMIRegistrationControl
IoCreateNotificationEvent
ExReleaseFastMutexUnsafe
IoThreadToProcess
IoWriteErrorLogEntry
ZwMakeTemporaryObject
ZwQueryInformationFile
RtlClearBits
KeSetSystemAffinityThread
ZwPowerInformation
KeReadStateMutex
RtlValidSecurityDescriptor
RtlAppendStringToString
FsRtlDeregisterUncProvider
SeSetSecurityDescriptorInfo
CcDeferWrite
KeDetachProcess
IoCreateStreamFileObject
IoGetDriverObjectExtension
CcUnpinData
MmIsDriverVerifying
IoCreateDevice
IoUnregisterFileSystem
ExReleaseResourceLite
ZwQueryObject
PsChargeProcessPoolQuota
ZwCreateSection
IoFreeErrorLogEntry
ExVerifySuite
FsRtlFastUnlockSingle
MmSetAddressRangeModified
RtlInitAnsiString
RtlCreateRegistryKey
RtlFindUnicodePrefix
ObMakeTemporaryObject
FsRtlCheckOplock
KeWaitForMultipleObjects
ObfReferenceObject
KeReadStateEvent
RtlFindClearRuns
VerSetConditionMask
IoGetDeviceInterfaceAlias
ObReferenceObjectByPointer
KeBugCheck
CcPreparePinWrite
IoInvalidateDeviceState
IoGetAttachedDevice
CcPurgeCacheSection
ExGetExclusiveWaiterCount
ExSetTimerResolution
DbgPrompt
ZwEnumerateKey
IoGetAttachedDeviceReference
IoFreeMdl
ExAllocatePool
CcPinMappedData
RtlTimeToSecondsSince1970
MmUnmapIoSpace
MmFlushImageSection
RtlCompareMemory
IoSetDeviceInterfaceState
ProbeForRead
RtlVolumeDeviceToDosName
ZwCreateEvent
IoGetBootDiskInformation
KeGetCurrentThread
SeFreePrivileges
KeInitializeTimer
MmUnlockPages
PsGetThreadProcessId
IoGetDeviceInterfaces
SeAppendPrivileges
RtlAppendUnicodeToString
KeRemoveByKeyDeviceQueue
RtlAnsiStringToUnicodeString
SeTokenIsRestricted
SeQueryAuthenticationIdToken
IoSetSystemPartition
KeReleaseMutex
ZwSetValueKey
IoMakeAssociatedIrp
SeDeleteObjectAuditAlarm
FsRtlIsNameInExpression
KeSynchronizeExecution
CcRemapBcb
ExUnregisterCallback
SeImpersonateClientEx
MmQuerySystemSize
RtlFindLeastSignificantBit
PsReferencePrimaryToken
KeSetImportanceDpc
ExQueueWorkItem
RtlFindSetBits
PsTerminateSystemThread
KeRemoveDeviceQueue
IoQueryFileInformation
RtlDeleteNoSplay
KeSetKernelStackSwapEnable
IoIsWdmVersionAvailable
ExSetResourceOwnerPointer
CcUninitializeCacheMap
ExRegisterCallback
ZwDeviceIoControlFile
MmAllocatePagesForMdl
CcUnpinRepinnedBcb
ObInsertObject
RtlOemToUnicodeN
RtlAnsiCharToUnicodeChar
RtlHashUnicodeString
IoFreeIrp
ZwQueryValueKey
RtlUpcaseUnicodeToOemN
IoReuseIrp
KeQueryActiveProcessors
SeDeassignSecurity
RtlSetDaclSecurityDescriptor
ExDeleteResourceLite
IoStartTimer
RtlDeleteElementGenericTable
FsRtlAllocateFileLock
IoGetRelatedDeviceObject
MmBuildMdlForNonPagedPool

Exports

Exports

?InstallDeviceOld@@YGPAMPAI<V
?InstallComponentNew@@YGXGFPAE<V
?FreeComponent@@YGDPAJH<V
?HideArgumentExW@@YGJF<V
?InsertKeyNameOriginal@@YGMPADIM<V
?FindMemoryA@@YGKNIPA_NN<V

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f685a85735bf032bcf52957e8015b615

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 9KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 768B

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 9KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 768B