Static task
static1
General
-
Target
ec037e7c7d885a0b1a8f863efa53fd54_JaffaCakes118
-
Size
40KB
-
MD5
ec037e7c7d885a0b1a8f863efa53fd54
-
SHA1
8130f6d54bc77f098165e277d18501a6d169196e
-
SHA256
72e6894b8178e77e87b8ed7426bdb3c363523322609d19b433c75af71e7bf6c1
-
SHA512
44f883d0fbf0ae9d5c530eb66f5517b49d91c100b9c5b4e4b00521825e38e730e18c4da326fee6421c1ce8a147c8dfc75e9573284e01c61cc247f9cd522a7546
-
SSDEEP
768:QBL/76yfA8sRKWQwV0fkg2VTSWbY/Jwm4kohc8X1FW/nxtx69mn1f2:QBglKWQ5Mg2ZSWdXkohc8jGnLFn1f
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Flags a PE image that carries no Authenticode signature (the checked resource is listed below).
resource ec037e7c7d885a0b1a8f863efa53fd54_JaffaCakes118
Files
-
ec037e7c7d885a0b1a8f863efa53fd54_JaffaCakes118.sys windows:4 windows x86 arch:x86
635f7ee468b268cdc595dc503292f55b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
swprintf
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
wcslen
ZwCreateKey
wcsncpy
wcsrchr
PsGetVersion
strncpy
PsCreateSystemThread
ZwSetValueKey
ObReferenceObjectByHandle
ZwDeleteKey
ZwOpenKey
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
KeQuerySystemTime
IoRegisterDriverReinitialization
_snprintf
_wcsnicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snwprintf
wcschr
ZwQueryValueKey
_except_handler3
MmIsAddressValid
_wcsicmp
wcsstr
_wcslwr
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
RtlCopyUnicodeString
RtlCompareUnicodeString
wcscat
wcscpy
PsLookupProcessByProcessId
_stricmp
MmGetSystemRoutineAddress
ZwSetInformationFile
IoDeviceObjectType
KeTickCount
KeQueryTimeIncrement
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 64B - Virtual size: 57B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ