Static task
static1

General
Target: f0e571cd965d7ef4429956c9d8b96072_JaffaCakes118
Size: 31KB
MD5: f0e571cd965d7ef4429956c9d8b96072
SHA1: e9c9f2c938993dccd45793614cb0cf21b029c8bb
SHA256: 079b9d94e32abfb99a3260283381f9e2d7598ee7abc3a5246c2174fed747e20c
SHA512: 2d21c3e29b9acffdf0f21ab6a1dc8693a00409f45d17676db11ce039a68b28f39623f085fd9a04557d8e190239f2fba4c3672d1b77e56a2c06ecd014335d6d19
SSDEEP: 768:2rBAUnU4aI1I3//kZQhDgIDdchQrs5Qgm7X:fsFaIS3/lhDgIDdchQR
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: f0e571cd965d7ef4429956c9d8b96072_JaffaCakes118
This check tests only for an embedded signature (an empty IMAGE_DIRECTORY_ENTRY_SECURITY). A driver signed through a catalog (.cat) file carries no embedded signature and trips it as well, so confirm on a Windows host (for example with signtool verify /a /v, which also consults the catalog database) before reading "unsigned" as evidence of anything.
Files
f0e571cd965d7ef4429956c9d8b96072_JaffaCakes118.sys windows:4 windows x86 arch:x86
cc8dee3c38cd178cf5f081a6c2c556a1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_strnicmp
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
wcsncmp
towlower
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
IofCompleteRequest
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
IoRegisterDriverReinitialization

Read together, the imports describe what the driver is equipped to do. KeServiceDescriptorTable is the kernel's exported pointer to the system service table; importing it (here alongside ExGetPreviousMode) is the usual prerequisite for SSDT hooking on x86 kernels and is the single import most worth following in the disassembly. The Zw*Key family gives registry open, query, enumerate, set and delete access from kernel mode. ZwCreateFile, ZwReadFile, ZwWriteFile, ZwQueryInformationFile and ZwSetInformationFile, together with the time-formatting routines KeQuerySystemTime, ExSystemTimeToLocalTime and RtlTimeToTimeFields, are what a kernel-mode log writer needs. IoCreateDevice and IoCreateSymbolicLink expose a device object to user mode, with IofCompleteRequest servicing its IRPs. PsCreateSystemThread paired with KeDelayExecutionThread is a polling worker thread, and IoRegisterDriverReinitialization defers work until the boot-time driver load has finished. ObReferenceObjectByHandle, ObQueryNameString and IoGetCurrentProcess resolve handles and objects to names, typically for process or path matching, and PsGetVersion lets the code branch on the kernel version. None of this proves intent on its own, but an unsigned x86 driver that imports the SSDT pointer should be treated as a likely rootkit component until the code around that import has been read.
Sections
.text  Size: 23KB  Virtual size: 23KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data  Size: 5KB  Virtual size: 5KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
INIT  Size: 1KB  Virtual size: 1KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 800B  Virtual size: 794B  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
A writable, executable and discardable INIT section is the normal home of DriverEntry in a WDK-built driver (the loader frees it once initialization returns), not a packer artefact, and a discardable .reloc is equally routine. Raw and virtual sizes match in every section, which is consistent with an unpacked image; a packer typically leaves a section whose virtual size far exceeds its raw data.
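To reproduce the static facts above independently of the sandbox, the following Python example (added here; it is neither the sandbox's code nor the sample's) implements the same checks with only the standard library: it decodes the IMAGE_FILE_* and IMAGE_SCN_* characteristics, tests IMAGE_DIRECTORY_ENTRY_SECURITY for an embedded Authenticode blob (the basis of the "Unsigned PE" signature), walks the import directory to recover the imported names, and raises findings for watch-listed driver imports and for writable+executable sections outside INIT. Because the report's file is not reproduced on this page, the block builds its own constructed PE32 image whose import table carries a few of the names listed above; the WATCH dictionary and the "W+X is expected in INIT" rule are my assumptions, not the sandbox's logic.

```python
"""Static triage of a PE32 driver image (file/section characteristics, Authenticode directory,
import table) on a constructed sample. Added example, not the sandbox's own code."""
import struct
FILE_CHARS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
              0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
SCN_CHARS = {0x20: "IMAGE_SCN_CNT_CODE", 0x40: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
WATCH = {  # assumed watch-list of driver imports worth a second look (mine, not the report's)
         "KeServiceDescriptorTable": "exported SSDT pointer, used by x86 syscall-table hooks",
         "ZwSetValueKey": "writes registry values from kernel mode",
         "PsCreateSystemThread": "starts a kernel worker thread"}

def flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def parse_pe(data):
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24                              # optional header follows the 20-byte file header
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or data[opt:opt + 2] != b"\x0b\x01":
        raise ValueError("not a PE32 image")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    dirs = opt + 96                                  # PE32 data directories begin at +96
    import_rva = struct.unpack_from("<I", data, dirs + 1 * 8)[0]
    # IMAGE_DIRECTORY_ENTRY_SECURITY (index 4) holds a file offset, not an RVA; size 0 means no
    # embedded Authenticode blob. A catalog-signed driver looks exactly the same here.
    sec_size = struct.unpack_from("<I", data, dirs + 4 * 8 + 4)[0]
    sections = []
    for i in range(nsec):
        off = opt + opt_size + i * 40
        name, vsize, rva, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "rva": rva,
                         "rawsize": rawsize, "rawptr": rawptr,
                         "flags": flags(struct.unpack_from("<I", data, off + 36)[0], SCN_CHARS)})
    # Map an RVA to a file offset through the section table (StopIteration if it maps nowhere).
    rva2off = lambda rva: next(rva - s["rva"] + s["rawptr"] for s in sections
                               if s["rva"] <= rva < s["rva"] + max(s["vsize"], s["rawsize"]))
    cstr = lambda off: data[off:data.index(b"\0", off)].decode()
    imports, d = {}, rva2off(import_rva) if import_rva else None
    while d is not None:
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", data, d)
        if not name_rva:                             # null descriptor ends the table
            break
        names, t = [], rva2off(ilt or iat)           # ILT preferred, IAT if there is no ILT
        while struct.unpack_from("<I", data, t)[0]:
            entry = struct.unpack_from("<I", data, t)[0]
            names.append("#%d" % (entry & 0xFFFF) if entry & 0x80000000
                         else cstr(rva2off(entry) + 2))  # +2 skips the hint word
            t += 4
        imports[cstr(rva2off(name_rva))], d = names, d + 20
    return {"machine": machine, "characteristics": flags(chars, FILE_CHARS),
            "sections": sections, "imports": imports, "authenticode": sec_size != 0}

def triage(data):
    """Findings in the spirit of a sandbox 'Signatures' block."""
    pe, findings = parse_pe(data), []
    if not pe["authenticode"]:
        findings.append("Unsigned PE: no embedded Authenticode signature (catalog not checked)")
    for s in pe["sections"]:
        # INIT is W+X+DISCARDABLE in nearly every driver (DriverEntry lives there and is freed
        # after load), so only a writable+executable section other than INIT is a finding.
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"]) and s["name"] != "INIT":
            findings.append("section %s is writable and executable" % s["name"])
    for dll, names in pe["imports"].items():
        findings += ["%s!%s: %s" % (dll, n, WATCH[n]) for n in names if n in WATCH]
    return findings

def build_sample_pe(names, signed=False):
    """Constructed PE32 image: .text carries an ntoskrnl.exe import table, INIT is W+X."""
    text_rva, text_raw = 0x1000, 0x200
    ilt = text_rva + 40                              # after one descriptor + null descriptor
    iat, dll_rva = ilt + 4 * (len(names) + 1), ilt + 8 * (len(names) + 1)
    dll, hints, thunks = b"ntoskrnl.exe\0", b"", []
    for n in names:
        thunks.append(dll_rva + len(dll) + len(hints))
        hints += struct.pack("<H", 0) + n.encode() + b"\0" * (2 - len(n) % 2)  # hint+name, even-aligned
    thunk_tbl = b"".join(struct.pack("<I", t) for t in thunks) + b"\0" * 4
    text = struct.pack("<IIIII", ilt, 0, 0, dll_rva, iat) + b"\0" * 20 + thunk_tbl * 2 + dll + hints
    text_size = (len(text) + 0x1FF) & ~0x1FF
    init_raw = text_raw + text_size
    cert = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\x30" * 16 if signed else b""  # WIN_CERTIFICATE stub
    opt = bytearray(224)                                                 # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<IIIIII", opt, 16, 0x2000, 0x1000, 0x2000, 0x10000, 0x1000, 0x200)
    struct.pack_into("<IIIHH", opt, 56, 0x3000, 0x200, 0, 1, 0)          # ..., Subsystem NATIVE, DllChars
    struct.pack_into("<I", opt, 92, 16)                                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, text_rva, 40)                      # import directory
    struct.pack_into("<II", opt, 128, init_raw + 0x200, len(cert))       # security directory (size 0 = unsigned)
    sh = lambda nm, rva, vs, ptr, sz, ch: struct.pack("<8sIIIIIIHHI", nm, vs, rva, sz, ptr, 0, 0, 0, 0, ch)
    hdr = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x010E) + bytes(opt)
           + sh(b".text", text_rva, len(text), text_raw, text_size, 0x60000020)
           + sh(b"INIT", 0x2000, 0x200, init_raw, 0x200, 0xE2000020)).ljust(text_raw, b"\0")
    return hdr + text.ljust(text_size, b"\0") + b"\xCC" * 0x200 + cert

# Constructed sample carrying a handful of the import names listed in the report above.
SAMPLE_IMPORTS = ["ZwClose", "ZwQueryValueKey", "ZwOpenKey", "KeServiceDescriptorTable",
                  "ZwSetValueKey", "PsCreateSystemThread", "IoCreateDevice"]
SAMPLE = build_sample_pe(SAMPLE_IMPORTS)
```

To run it on a real x86 driver, call parse_pe() or triage() on open(path, "rb").read(); triage(SAMPLE) on the constructed image yields the "Unsigned PE" finding followed by one line per watch-listed import, and build_sample_pe(SAMPLE_IMPORTS, signed=True) shows the Authenticode check flipping once a security directory is present. The parser keeps the ordering of the characteristic names the same as the report (ascending bit value), so its output can be diffed against the header and section blocks above.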