Static task
static1
General
Target: 79e31c8ca343421177a3da0af15b9d74_JaffaCakes118
Size: 723KB
MD5: 79e31c8ca343421177a3da0af15b9d74
SHA1: 8fc8cdc30a5830ccf43fad2e89252dad3b55f241
SHA256: 20ec12c319694ef00aa05df3d5dde2cfac77caf038f5cc9a134d4aaa7313b7a9
SHA512: 5347764e8b36e1644af14c576463d676370cedd733af9b976ce4e2bb78d13719664207fce9f34a37f6a06ffdb55e65fc0d40f55afa836f9dc727e22cee398db1
SSDEEP: 12288:L7Bm2y0rhoYNTyXV9WTjj1pCZn4r3JektsFgo943nCnHJ99Cb+FIoI3UrvhI0Gyo:LNm2y02YNTyF9s1EZn4MzFg0nX9ZFIL7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 79e31c8ca343421177a3da0af15b9d74_JaffaCakes118
Files
79e31c8ca343421177a3da0af15b9d74_JaffaCakes118.sys windows:6 windows x86 arch:x86
aa25f5440e9479451755ebb085b27ac7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ZwAssignProcessToJobObject
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeGetCurrentIrql
HalMakeBeep
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bmm0 Size: 464KB - Virtual size: 464KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bmm1 Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ