Static task
static1
General
-
Target
e296a4f1ac0353f57e7ef5f7f75c30c8_JaffaCakes118
-
Size
40KB
-
MD5
e296a4f1ac0353f57e7ef5f7f75c30c8
-
SHA1
b220d3a756426ccb05cf2c083f59d371b67628ee
-
SHA256
00804448b4d6fc67c56247609805f13f72354fd9fad9798697a39655c9efd72a
-
SHA512
3facbce5dcac7aa5e7546385940646e76a08fe3c510afaa553a74062175e64bc2248938dae7c34c1ed33a2e38c5ab61e824f10eb0cc27aabd71a31f4a471f071
-
SSDEEP
768:lvPI3Rnc1Ih4q/wXo3iH+tmkUdgDvpG1S3zxGSY7splhhczHH2MBD/Jk/kQiLtZX:RPkGItY43iH+tmdKliSj8pspdUHHLZ/j
Malware Config
Signatures
-
Unsigned PE 1 IoCs
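Checks for a missing Authenticode signature; the resource below is a PE file with no embedded signature, so its publisher and integrity cannot be verified from the file alone.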
resource e296a4f1ac0353f57e7ef5f7f75c30c8_JaffaCakes118
Files
-
e296a4f1ac0353f57e7ef5f7f75c30c8_JaffaCakes118.sys windows:4 windows x86 arch:x86
3b73cf10a9328b4a79773d0105213ee9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeTickCount
KeQueryTimeIncrement
_stricmp
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
RtlAnsiStringToUnicodeString
ZwSetValueKey
ZwCreateKey
_snwprintf
ExAllocatePoolWithTag
RtlCompareUnicodeString
ObfDereferenceObject
ExFreePool
wcslen
swprintf
wcsncpy
wcsrchr
_wcsnicmp
ObReferenceObjectByHandle
KeQuerySystemTime
MmIsAddressValid
ZwSetInformationFile
ZwCreateFile
wcscpy
IoDeviceObjectType
_wcsicmp
strncmp
wcsstr
_wcslwr
_except_handler3
wcscat
KeDelayExecutionThread
IoGetCurrentProcess
_snprintf
strncpy
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
IofCompleteRequest
PsCreateSystemThread
PsLookupProcessByProcessId
PsGetVersion
wcschr
PsSetCreateProcessNotifyRoutine
RtlCopyUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 61B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ