Static task
static1
General
Target: 0193a829078703b289b5e66079f9e7cc_JaffaCakes118
Size: 22KB
MD5: 0193a829078703b289b5e66079f9e7cc
SHA1: 317fb91b8ce282651066268dc1d7080ccbe93d84
SHA256: 887d0ceaac5a4e753af86a940d9141a7b247cc57897a3f687eb2cbe4fc72f90d
SHA512: cf1eb63988748a1ccd58fbf2ceb4a1584cf1d24e82049f8f046eb127d27892477f35451a099b55e61216ccdb62af6526f1136214c8dc4f2d079593b96984445b
SSDEEP: 384:npqaG0kiDY7f23mnxLCkJAaV/IcNFMcA/r/pNvqZY2J50I21yIRIUonh7sR1mGEQ:PGgDIK9aVQrf/vq2M5XIRI7hO1q3Dg
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 0193a829078703b289b5e66079f9e7cc_JaffaCakes118
Files
0193a829078703b289b5e66079f9e7cc_JaffaCakes118.sys windows:5 windows x86 arch:x86
4e6312f57d78bf00f334428bb0734f11
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
MmIsAddressValid
ZwCreateKey
ZwUnmapViewOfSection
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 614B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
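Both the "Unsigned PE" signature and the section table above come from parsing the PE headers alone. The following is an added Python example (not Tria.ge's code and not the sample itself) that performs the same header-level checks on a constructed PE32 header blob whose file characteristics and section layout mirror this report: it reads the IMAGE_DIRECTORY_ENTRY_SECURITY entry to decide whether an embedded Authenticode blob exists, decodes the file and section characteristics, and additionally flags any section that is both writable and executable. The mapping of the report's "windows:5" to the optional header's MajorOperatingSystemVersion is my assumption; the sample header bytes are constructed inline.

```python
"""Header-level triage of a PE32 driver in pure Python (added example; not the sandbox's code)."""
import struct

# Values from winnt.h
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_SUBSYSTEM_NATIVE = 1          # kernel drivers are built for the native subsystem
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # embedded Authenticode (WIN_CERTIFICATE) blob
FILE_FLAGS = {
    "IMAGE_FILE_EXECUTABLE_IMAGE": 0x0002,
    "IMAGE_FILE_LINE_NUMS_STRIPPED": 0x0004,
    "IMAGE_FILE_LOCAL_SYMS_STRIPPED": 0x0008,
    "IMAGE_FILE_32BIT_MACHINE": 0x0100,
    "IMAGE_FILE_DLL": 0x2000,
}
SCN_FLAGS = {
    "IMAGE_SCN_CNT_CODE": 0x00000020,
    "IMAGE_SCN_CNT_INITIALIZED_DATA": 0x00000040,
    "IMAGE_SCN_MEM_DISCARDABLE": 0x02000000,
    "IMAGE_SCN_MEM_EXECUTE": 0x20000000,
    "IMAGE_SCN_MEM_READ": 0x40000000,
    "IMAGE_SCN_MEM_WRITE": 0x80000000,
}


def analyze_pe32(data: bytes) -> dict:
    """Parse the DOS/NT/section headers of a PE32 image and return the report's fields."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    if struct.unpack_from("<H", data, opt)[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    major_os = struct.unpack_from("<H", data, opt + 40)[0]   # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, this entry holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "flags": [n for n, bit in SCN_FLAGS.items() if flags & bit],
            "writable_executable": bool(flags & 0x80000000) and bool(flags & 0x20000000),
        })
    return {
        "x86": machine == IMAGE_FILE_MACHINE_I386,
        "native_subsystem": subsystem == IMAGE_SUBSYSTEM_NATIVE,
        "major_os_version": major_os,
        "file_characteristics": [n for n, bit in FILE_FLAGS.items() if chars & bit],
        "embedded_authenticode": sec_off != 0 and sec_size != 0,
        "sections": sections,
    }


def signatures(info: dict) -> list:
    """'Unsigned PE' mirrors the report's signature; the W+X section check is an extra one."""
    hits = []
    if not info["embedded_authenticode"]:
        hits.append("Unsigned PE")
    hits += [f"W+X section: {s['name']}" for s in info["sections"] if s["writable_executable"]]
    return hits


def build_sample_driver(signed: bool = False) -> bytes:
    """Constructed PE32 header blob (headers only, no section bodies) mirroring the
    report's characteristics and section layout; it is not the real sample."""
    sections = [  # name, VirtualSize, SizeOfRawData, Characteristics
        (b".text", 0x4000, 0x4000, 0x60000020),   # CODE | EXECUTE | READ
        (b".data", 0xC00, 0xC00, 0xC0000040),     # INITIALIZED_DATA | READ | WRITE
        (b"INIT", 958, 960, 0xE2000020),          # CODE | DISCARDABLE | EXECUTE | READ | WRITE
        (b".reloc", 614, 640, 0x42000040),        # INITIALIZED_DATA | DISCARDABLE | READ
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections), 0, 0, 0, 224, 0x010E)
    opt = struct.pack("<HBBIIIIIIIII", IMAGE_NT_OPTIONAL_HDR32_MAGIC, 9, 0, 0x4000, 0x1000, 0,
                      0x5000, 0x1000, 0x5000, 0x10000, 0x1000, 0x200)
    opt += struct.pack("<HHHHHH", 5, 1, 0, 0, 5, 1)             # MajorOperatingSystemVersion = 5
    opt += struct.pack("<IIIIHH", 0, 0x8000, 0x400, 0, IMAGE_SUBSYSTEM_NATIVE, 0)
    opt += struct.pack("<IIIIII", 0x40000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x6000, 0x1000)  # offset/size of a WIN_CERTIFICATE
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    shdrs, rva, raw = b"", 0x1000, 0x400
    for name, vsize, rawsize, flags in sections:
        shdrs += struct.pack("<8sIIIIIIHHI", name, vsize, rva, rawsize, raw, 0, 0, 0, 0, flags)
        rva += (vsize + 0xFFF) & ~0xFFF
        raw += rawsize
    return dos + b"PE\0\0" + file_hdr + opt + shdrs


if __name__ == "__main__":
    info = analyze_pe32(build_sample_driver())
    print(signatures(info), info["file_characteristics"], [s["name"] for s in info["sections"]])
```

Two caveats before treating the "Unsigned PE" hit as conclusive. An empty security directory only means there is no embedded Authenticode blob; Microsoft ships many drivers signed through a catalog (.cat) file instead, so confirm with `signtool verify /a /kp` or `Get-AuthenticodeSignature` on a Windows host, which consult the catalog store. Conversely, this parser never validates a signature that is present; a non-empty directory can still hold a broken or revoked one. The writable-and-executable INIT section is also not an indicator on its own: discardable INIT sections holding DriverEntry, with these exact flags, are routine in drivers of the Windows XP era that this image's MajorOperatingSystemVersion of 5 points to.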