Static task
static1
General
Target: 00662ddaf9948167c2db006678c03762_JaffaCakes118
Size: 49KB
MD5: 00662ddaf9948167c2db006678c03762
SHA1: 81337cff0e48e2dd8e6efa099c63a37464f8b178
SHA256: 84c74582f953a582933825d16ec80fad51f97223cc8bb8ab4e6c178daa341249
SHA512: b1a37c6ebd9571be455b167bb3e118fe7525667da980f86891f42a4cb18aadd2c825322af2eb1d18757b40298fefae73ecc8b112c40e4477d29f9e493cbe8e79
SSDEEP: 768:a2JyTiqXu014K6qLxnxLka+e7nkEurk7dHvEske5UNYf6ULI4gyK:7K8M7nPCbY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 00662ddaf9948167c2db006678c03762_JaffaCakes118
Files
00662ddaf9948167c2db006678c03762_JaffaCakes118.sys windows:4 windows x86 arch:x86
b6a3907827fb3547770ba78aba79e873
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwCreateFile
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
RtlAnsiStringToUnicodeString
swprintf
MmIsAddressValid
ZwUnmapViewOfSection
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsSetCreateProcessNotifyRoutine
ZwCreateKey
PsGetVersion
_wcslwr
wcsncpy
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 900B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 724B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ