Static task
static1
General
Target: 027369953fc70589c7efaa024b1d866e_JaffaCakes118
Size: 22KB
MD5: 027369953fc70589c7efaa024b1d866e
SHA1: f951331b25fdd83eea8e9ed772f4ee1d7a736359
SHA256: 68968646412b3545f51b8d2afc461e434f6405038e2274cdabeb4155dc86539e
SHA512: 6cf35bc69dd5f1672e0af182f4f4887a4ba1a18aa09117a8ca34bdba006dfbc9f328a9ed7a0d368e5058a6dd7d60d20cab17303615813a83525209a984c89e63
SSDEEP: 384:jzxIP7FxbwjZyWjyGKcBZTzLvcwMpmk42IVt7tqoIzLZj+wjXWA+bVkT9hrbm68w:jKazDxLvapO375pE6m
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 027369953fc70589c7efaa024b1d866e_JaffaCakes118
Files
027369953fc70589c7efaa024b1d866e_JaffaCakes118.sys windows:5 windows x86 arch:x86
f7616ccc9546172fb6cdf1c13066704f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeString
IoRegisterDriverReinitialization
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsGetVersion
_wcslwr
wcsncpy
MmIsAddressValid
ZwUnmapViewOfSection
ZwCreateKey
wcslen
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
IoGetCurrentProcess
_wcsnicmp
RtlAnsiStringToUnicodeString
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 602B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ