Static task
static1
General
Target
e28134fd416a04875e3b06775cef8e28_JaffaCakes118
Size
41KB
MD5
e28134fd416a04875e3b06775cef8e28
SHA1
456e3cbcbe72a7629dd377cab7893c3428565948
SHA256
dc92768baf8af501cf3464c6f0de27e6728ed39edaa8e1b5f0f10bccc418d25b
SHA512
75a80098df97b6d629d6ac2d5df03db2287215ce1f320453bc6ba5c337252c90fac9141e2bada006b5673f87899143ed7ca4737f25fec65a913ca5b86963924c
SSDEEP
768:E3uEHQQr3ZkkQWWr05PPnawKLZULl+P7yR8hz+d8x71oc006DFDXVrS:YZzekQWM0Pn0lULw7lhz+d8x71oc002m
Malware Config
Signatures
Unsigned PE (1 IoC)
The PE file carries no Authenticode signature; this check fires on the unsigned resource listed below.
resource e28134fd416a04875e3b06775cef8e28_JaffaCakes118
Files
e28134fd416a04875e3b06775cef8e28_JaffaCakes118.sys windows:4 windows x86 arch:x86
b5da8b10cfbc0a247ed4ef14b7240d42
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_stricmp
swprintf
wcsstr
_wcslwr
ZwClose
ZwDeleteKey
ZwOpenKey
RtlInitUnicodeString
strncpy
PsLookupProcessByProcessId
ZwSetValueKey
KeTickCount
KeQueryTimeIncrement
ZwCreateKey
wcslen
wcscat
wcscpy
_wcsicmp
ZwQueryValueKey
_except_handler3
_snwprintf
ExAllocatePoolWithTag
MmIsAddressValid
wcsncpy
wcsrchr
ZwCreateFile
ObReferenceObjectByHandle
KeQuerySystemTime
ExFreePool
ObfDereferenceObject
IoRegisterDriverReinitialization
IoGetCurrentProcess
PsGetVersion
_wcsnicmp
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
MmGetSystemRoutineAddress
RtlCompareUnicodeString
IoDeviceObjectType
PsSetCreateProcessNotifyRoutine
ZwSetInformationFile
_snprintf
RtlCopyUnicodeString
KeDelayExecutionThread
wcschr
PsCreateSystemThread
RtlAnsiStringToUnicodeString
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 71B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ