Static task
static1
General
Target: 023f7cc30e2b68613aeb4da90b5070d0_JaffaCakes118
Size: 31KB
MD5: 023f7cc30e2b68613aeb4da90b5070d0
SHA1: 4f4bf12d4e872e78c27d3f5868cd911b3a363481
SHA256: 135c8716734cf74b52d51e640883c7c9e2da69e6ff2b68110f070c02a6ca1a90
SHA512: b5df60404fbc0a16384b71060d8bf5ba7fef323d7a7e101bc1381472a7ed15f0c928c62cc3c644a9925309ed43634272dade681cb5e199109ca812a825345a2e
SSDEEP: 768:UBLpcDCCMav9GNpWhGhLpW32gFRvosuPtZsoRcRX/YgTp4bF2kTAJD8:4dcmdav9GNpVhts2gFhosGtZsUewgTpE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 023f7cc30e2b68613aeb4da90b5070d0_JaffaCakes118
Files
023f7cc30e2b68613aeb4da90b5070d0_JaffaCakes118.sys windows:4 windows x86 arch:x86
538811df9419a6f2e2b22f0d1f81b3de
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
swprintf
isspace
KeDelayExecutionThread
ZwCreateKey
wcslen
RtlInitUnicodeString
wcscat
wcscpy
isxdigit
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
MmIsAddressValid
ZwUnmapViewOfSection
isupper
strchr
srand
strrchr
islower
strstr
atoi
isdigit
atol
toupper
isprint
tolower
IoRegisterDriverReinitialization
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
RtlAnsiStringToUnicodeString
_wcslwr
wcsncpy
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ