Static task
static1
General
Target: ecff4a8439afee7f5d2389c64c55068e_JaffaCakes118
Size: 5KB
MD5: ecff4a8439afee7f5d2389c64c55068e
SHA1: 8a46fa12d465a6182a72de4a7d7754b84acde128
SHA256: f5cf28b0206df3bee9b2ac7ca591b20d32763355ce6775e0a6dd2d10bab4e885
SHA512: d845895def20b6b5250f55d194381d6e22c735322362fd9b88566a285742f99a00590969dbaec7d40618b4f0e8f12ccecef89cc7770f8e8a7f6221b16dde504f
SSDEEP: 96:tL1zyhzlBflfgBJJ3gBewr4PAo2/aEnoh65X2kmdNofzgTMsDsw6:0faJFGewrXrlonkmILg/L
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ecff4a8439afee7f5d2389c64c55068e_JaffaCakes118
Files
ecff4a8439afee7f5d2389c64c55068e_JaffaCakes118.sys windows:4 windows x86 arch:x86
508b302c4dce1c22628e50883232f1b7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoGetDeviceObjectPointer
ObDereferenceObject
ObReferenceObjectByName
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwAccessCheckAndAuditAlarm
ZwAdjustPrivilegesToken
ZwAlertThread
ZwAllocateVirtualMemory
ZwCancelIoFile
ZwCancelTimer
ZwClearEvent
ZwClose
ZwCloseObjectAuditAlarm
ZwConnectPort
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateKey
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateTimer
IoGetCurrentProcess
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDisplayString
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushInstructionCache
ZwFlushKey
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwOpenKey
ZwQueryDirectoryFile
ZwQuerySystemInformation
ZwSetValueKey
ZwTerminateProcess
ZwYieldExecution
KeServiceDescriptorTable
IoDriverObjectType
IoCallDriver
ZwDeleteFile
IoBuildDeviceIoControlRequest
ndis.sys
NdisRegisterProtocol
NdisDeregisterProtocol
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 320B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 288B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 448B - Virtual size: 426B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ