Static task
static1
General
Target: 41066b85e8bd85f377cb9713ca296882_JaffaCakes118
Size: 648KB
MD5: 41066b85e8bd85f377cb9713ca296882
SHA1: 43cddef23f8d1e0697ffd1e7c492c8070b6287fc
SHA256: 26150a26ab7e62b2f5bbba5c31c5bb392de9fd48a5e1fd3cbafe3f7cb8821a4b
SHA512: d8af2acff5bc80b2ca403b3aefae727c8bc8f419417f26f5e8fc065728a6683f42c2b3c883f439d5c8ef5848bb393f8f908f5861cbdd21f6615b003f37219990
SSDEEP: 12288:9lJDSGjg3p68ZKs9k3ZoiyIGy+YjJ9yV2+adhL+dZzhxMM/qODVhPnqmdkteCz:93DdjyKs9OZVIy+Yt9B+a+flxMM1HqXt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 41066b85e8bd85f377cb9713ca296882_JaffaCakes118
Files
41066b85e8bd85f377cb9713ca296882_JaffaCakes118.sys windows:6 windows x86 arch:x86
c6f8ef69ba5fe00e2ffc805dcb2211b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeWaitForSingleObject
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfLowerIrql
HalMakeBeep
Sections
.text Size: 123KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bea0 Size: 406KB - Virtual size: 406KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bea1 Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ