Static task
static1
General
Target: 02936ff895c3f40201f3fff869bda038_JaffaCakes118
Size: 23KB
MD5: 02936ff895c3f40201f3fff869bda038
SHA1: 3efa3e6cbb2a427d33f023bc715fca985d59cd40
SHA256: 5a2f661a79263fb97ead1b18444a490fbe13a7d2d2f4657d190eda1d6888267f
SHA512: 7ef20516d1cf9f322c13a826ddabb73eb30ba26d9c2ecde6d6630cfbb08b2f8c37a37c87781eb5307fd2403119f52439ea5ad2be297139b5a79a688dd7354632
SSDEEP: 384:B0kAfaM+JM2qCU2omxPQPqmu9tZd37sAY233ateRN9Cjjw+K1f0hn98wX1m:BiiMk4Por5tRC/IwX
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 02936ff895c3f40201f3fff869bda038_JaffaCakes118
Files
02936ff895c3f40201f3fff869bda038_JaffaCakes118.sys windows:5 windows x86 arch:x86
3bd1568b71484ac308a537414fe32822
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscat
wcscpy
ZwClose
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
MmIsAddressValid
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
ZwCreateKey
wcslen
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwUnmapViewOfSection
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ