Static task
static1
General
Target: 61fc7c832f364ea1a566d79501a5e14a_JaffaCakes118
Size: 647KB
MD5: 61fc7c832f364ea1a566d79501a5e14a
SHA1: 5f6893a3b30c57606afe2fbb018b27031c6dfe65
SHA256: b58466b847691f6de4d3222c5359df8c875657b5a961bff0c9db36cd87063b2f
SHA512: e7876b45ac9a9e07a8677300f2e961cc47fe6922e854d60e2f66792f40f7e702b7265b534b1e56cd1f5a6faef1a7cec4905b0fb301dcab2d0831800ec6e7b559
SSDEEP: 12288:3nBkYoANUM/44fuPulqqfJpOuRtU+CWt0qp4Q6jBQsAn16QblD/3obL1g+5wW:3nBkBAFbfiulDfbOujo4leQ6jSn16QbE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 61fc7c832f364ea1a566d79501a5e14a_JaffaCakes118
Files
61fc7c832f364ea1a566d79501a5e14a_JaffaCakes118.sys windows:6 windows x86 arch:x86
fa1f31ca76314ecbf7e3ab886600135f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
RtlQueryRegistryValues
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfReleaseSpinLock
HalMakeBeep
Sections
.text Size: 123KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bea0 Size: 404KB - Virtual size: 404KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bea1 Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ