Static task
static1
General
Target: 029ff366736a8017df8853c99018369d_JaffaCakes118
Size: 21KB
MD5: 029ff366736a8017df8853c99018369d
SHA1: 39e4e4094c2fbf57d5a55075fd6b16a1adb38fda
SHA256: eb4cd7eb7d523f348812c1aa53dc3dfb8ab079e6d81ef908af4b3610b2088dc3
SHA512: 54a259c8e0a941f62ccd4b99f03ea5471ea813fe59e25313d4d6c0c10a56b4e4fa61b980b218d1da0209ea08aca39d94d56aba7659a0f6995e023d2c42de54e0
SSDEEP: 384:P/4CL8ZniODEnPY5UJCj2/wwcxRJ6uF6BY9gq/3iiHDk3UnwOHm62t+fGWxVUdi:YCQZhDEPYCJCj2/hcxquF6BY9gq/3iij
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 029ff366736a8017df8853c99018369d_JaffaCakes118
Files
029ff366736a8017df8853c99018369d_JaffaCakes118.sys windows:5 windows x86 arch:x86
f2655f577e0a8ee29c4a05425458868a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
MmIsAddressValid
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
_wcslwr
wcsncpy
swprintf
KeDelayExecutionThread
ZwCreateKey
wcslen
wcscat
wcscpy
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
IoRegisterDriverReinitialization
ZwUnmapViewOfSection
strncmp
IoGetCurrentProcess
_wcsnicmp
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 576B - Virtual size: 572B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ