Static task
static1
General
Target: e8c1d5bfc78f4010abaa5f56b6827e5d_JaffaCakes118
Size: 34KB
MD5: e8c1d5bfc78f4010abaa5f56b6827e5d
SHA1: 9220a492b23ea3a28947973c54a08d9f451f14a3
SHA256: f9520759e1f2754a59b0dc079f83bb405e039ab33da3a8c10ae122a1363bcd46
SHA512: e2a5a098f71834ec7df5bbfdd2fad98c3a5c77f45e6c2b2e1f201cc7575d8ec08e8328e9d599905ce95eda80f06fda49241dcd04425f27732d2e0c5ec484bc58
SSDEEP: 768:L/EpCVhh2d8zgvX3vThRaM97oCNPElkKjCp9hVrbubKI9BBKSXGr+bGwdUnIybZZ:LwCVhh2d8zgvLhRauHJYkCCXhZbubn9e
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e8c1d5bfc78f4010abaa5f56b6827e5d_JaffaCakes118
Files
e8c1d5bfc78f4010abaa5f56b6827e5d_JaffaCakes118.sys windows:4 windows x86 arch:x86
d4db2c6abfb52f64d7136a5a88bd7e17
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
IoGetCurrentProcess
toupper
strstr
PsGetVersion
atoi
tolower
isxdigit
strncpy
IofCompleteRequest
strrchr
isspace
atol
islower
strchr
wcsncmp
towlower
isprint
isdigit
ZwQueryValueKey
ZwOpenKey
_except_handler3
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
srand
KeDelayExecutionThread
wcsstr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
isupper
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
_strnicmp
ZwDeleteValueKey
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ