Static task
static1
General
Target
b1c04f6eb126b94b44fa9fdfccf53d64_JaffaCakes118
Size
652KB
MD5
b1c04f6eb126b94b44fa9fdfccf53d64
SHA1
f39f6178dc1f0ccd7601f5bbef08067eaa15b09e
SHA256
5a127baa4a1c185a0f20f2c649d82fb5cc4f8a7e94e48aa1d5ebaf64b063f0c4
SHA512
c5df8ca94d813a1256a4dc01c213a66fc6ab67a5d783f02dc1fc559e65db0aee1da414f55d211ec962d8c63fd5db64d0feb3eec58994c8811175010451771632
SSDEEP
12288:bELYEk3qfKraknJ2y72qauHcBzLB0pgk1Z59ApMaDDk39jOe3e0+BKX6vvOml0V:QlfKrakEybNH4LegknApJDDkN13eJ7Gt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b1c04f6eb126b94b44fa9fdfccf53d64_JaffaCakes118
Files
b1c04f6eb126b94b44fa9fdfccf53d64_JaffaCakes118.sys windows:6 windows x86 arch:x86
aff3afdd86395104e29518ce70f3e5de
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExSystemTimeToLocalTime
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeReleaseInStackQueuedSpinLock
HalMakeBeep
Sections
.text Size: 119KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bea0 Size: 411KB - Virtual size: 411KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bea1 Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ