Static task
static1
General
-
Target
ec37c50bd8c6aff5783b61fa7321be50_JaffaCakes118
-
Size
40KB
-
MD5
ec37c50bd8c6aff5783b61fa7321be50
-
SHA1
35d0807126416c1851a125654b1877ceae1f7167
-
SHA256
00caca91090e71736bd875be07d31bb10b9ca159ef978871b52eca08b85de198
-
SHA512
694c8f3fd840f4417aeba26f9a5d5d7e60eec3ef95511f72315f7d36506d726c37c41053cc47de1839d2705fa8e2d81cc1a71f5f3da738d60fdcde40d02eb8da
-
SSDEEP
768:W/PCAwr9LMdizLBVQE0XFpCd/WNHc1i1tyEv6JCCC8RsPZyW4bTsKA0ixv4h7nn3:W/6AwqdizLBOE0Fo0cIxv2tC8YybTsKd
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE image lacks an Authenticode signature.
resource ec37c50bd8c6aff5783b61fa7321be50_JaffaCakes118
Files
-
ec37c50bd8c6aff5783b61fa7321be50_JaffaCakes118.sys windows:4 windows x86 arch:x86
8ab3a60406a2bfbcc48a92b42bdefd74
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwSetValueKey
PsSetCreateProcessNotifyRoutine
wcslen
wcscat
wcscpy
_wcsicmp
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
RtlCopyUnicodeString
ZwDeleteKey
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
IoGetCurrentProcess
PsGetVersion
RtlCompareUnicodeString
IofCompleteRequest
RtlAnsiStringToUnicodeString
strncmp
_stricmp
swprintf
wcsstr
_wcslwr
strncpy
PsLookupProcessByProcessId
ZwCreateKey
ExFreePool
_snprintf
ExAllocatePoolWithTag
_snwprintf
MmGetSystemRoutineAddress
_wcsnicmp
ZwSetInformationFile
ZwCreateFile
IoDeviceObjectType
IoRegisterDriverReinitialization
KeDelayExecutionThread
KeQuerySystemTime
wcschr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeQueryTimeIncrement
PsCreateSystemThread
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 69B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ