Static task
static1
General
-
Target
f625d4b5de5b598299b347e936acd1bb_JaffaCakes118
-
Size
40KB
-
MD5
f625d4b5de5b598299b347e936acd1bb
-
SHA1
a169437d218c0e3145524a004251602e1b20c7e2
-
SHA256
78e64a370531de8bb92144a134069ac5f8c3a9643f2b74ae871394af565ea7e0
-
SHA512
5f9f886aec78507f8d623a816d20c81369e1e3dc18a8a3ba18c3dd8a2dc0c4ac51c3757e9285800d7f2bf3797a41ff40db26b3bea7f56e481a05d8adcb192957
-
SSDEEP
768:2F7StSZN3O6d/U7P+6RjemiWLeM21LgH4NaORoH2pPXMGYjPudaXqea6C:i2SzOaU7P+65iWLehgH8aO1X1YjPudae
Malware Config
Signatures
-
Unsigned PE 1 IoCs
No Authenticode signature is present on the PE. Because the file is a kernel-mode driver (.sys, see the Files section), this matters more than for a user-mode binary: the module could only load where driver signature enforcement is absent, disabled, or bypassed. Lack of a signature is an indicator to weigh with the imports below, not proof of malice on its own.
resource f625d4b5de5b598299b347e936acd1bb_JaffaCakes118
Files
-
f625d4b5de5b598299b347e936acd1bb_JaffaCakes118.sys windows:4 windows x86 arch:x86
c213edaefae93ecad93046b305e314d3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
wcslen
swprintf
wcscat
wcscpy
MmIsAddressValid
_wcsnicmp
ObfDereferenceObject
KeTickCount
KeQueryTimeIncrement
_stricmp
PsGetVersion
ZwSetValueKey
ObReferenceObjectByHandle
ZwQueryValueKey
RtlCopyUnicodeString
IofCompleteRequest
ZwDeleteKey
ZwOpenKey
PsCreateSystemThread
wcsstr
_wcslwr
ZwCreateKey
_wcsicmp
_except_handler3
KeDelayExecutionThread
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcsncpy
wcsrchr
IoGetCurrentProcess
PsSetCreateProcessNotifyRoutine
strncmp
RtlCompareUnicodeString
_snwprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IoDeviceObjectType
strncpy
PsLookupProcessByProcessId
IoRegisterDriverReinitialization
ExFreePool
_snprintf
RtlAnsiStringToUnicodeString
ZwSetInformationFile
ZwCreateFile
wcschr
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 64B - Virtual size: 58B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ