Static task
static1
General
Target: 8f7da75d256a3672abd004c06d380072_JaffaCakes118
Size: 665KB
MD5: 8f7da75d256a3672abd004c06d380072
SHA1: 77a327d79d28f885941e62eef0d5b965dd2aa2b7
SHA256: 3fe5e866298ee6f5dd947686c56b9ded9f421f1402d293e06fa33afa72833d37
SHA512: 739ff9481caef9e403859bad0cf4623d588d08ef1089035604e9ca96e77055ecbabb28ca7db4fa66d0773716fc0fb0f442bcd5905ed39b82fe374c69d6dbc0a8
SSDEEP: 12288:lApgoXYnXyTqY19CHpu/8rjn5naxcxcM8m715WULZM3X7cr:lACnXy2Y1448rjR/fLB5WUIC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8f7da75d256a3672abd004c06d380072_JaffaCakes118
Files
8f7da75d256a3672abd004c06d380072_JaffaCakes118.sys windows:6 windows x86 arch:x86
908ce5e2b29090723656f0ebf8e225fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
swprintf
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfAcquireSpinLock
HalMakeBeep
Sections
.text Size: 119KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bea0 Size: 424KB - Virtual size: 424KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bea1 Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ