Static task
static1
General
Target: f1533463e298d6c43b370a7c3b71b46f_JaffaCakes118
Size: 25KB
MD5: f1533463e298d6c43b370a7c3b71b46f
SHA1: c92f00963798fae96fcc42ff3826eb100c4597dc
SHA256: 0a0481b2f04009c9b4b2fe48139b55d3466bcbcc529ce6d331ac2c137bff5034
SHA512: 27f97833b16c46bc832da7e9870515329d78ed7f1c07c377e17dad25a5ccd8c45980d409f088ea2da2da9858511c5f8d114d4edb2a7cf1e55547dfc7460f2e5c
SSDEEP: 768:guxdBTMNvDi20dQOTLuxVv6IKtPnyErVVp:lxdBQFDu6OHKVCP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f1533463e298d6c43b370a7c3b71b46f_JaffaCakes118
Files
f1533463e298d6c43b370a7c3b71b46f_JaffaCakes118.sys windows:5 windows x86 arch:x86
f9d7db5ca3443456f405f785f8b3e665
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
ExFreePool
wcscat
wcscpy
ZwEnumerateKey
ExAllocatePoolWithTag
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IofCompleteRequest
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
strncpy
wcsstr
wcsncmp
towlower
_strnicmp
IoRegisterDriverReinitialization
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 778B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ