Static task
static1
General
-
Target
0336abe154e49049c8458b710c3b936e_JaffaCakes118
-
Size
40KB
-
MD5
0336abe154e49049c8458b710c3b936e
-
SHA1
8b02890712b6eb33250eed2b387651d3fac5e19f
-
SHA256
3e920610190d1d88dd381b89048a308e338d41935898f6a0b7b3f7c53e7619bf
-
SHA512
0d89c67bbc6e7ba4c7a32a3f10e7238ea4e7534cc27fb380a073da24cf732db141ee28ce1c50f110907c8819e93d54c48d21952c1588ae09b58d81e0ee8dde92
-
SSDEEP
768:I4jSNbIJSqk8an4sHgKscKrIAHms8wTlJ83X3iI1upUKTVnKFu3P+W9IA/z31HoH:IlASqk8aFH47rIAHmszJeX3i+rKToT+g
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries no Authenticode signature; note that it is a kernel-mode driver (.sys, imports only from ntoskrnl.exe), so the absence of a signature is relevant to whether it could load at all on a signing-enforced (64-bit) host — this static check alone does not establish malicious behavior.
resource 0336abe154e49049c8458b710c3b936e_JaffaCakes118
Files
-
0336abe154e49049c8458b710c3b936e_JaffaCakes118.sys windows:4 windows x86 arch:x86 (32-bit PE kernel-mode driver; the "windows:4" field is the PE OS-version value as reported by the tool)
da9015c0f34b600a62607a2e7cf6a360 (unlabeled 32-hex digest — presumably the import hash; confirm against the report before using it as a pivot)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (all resolved from ntoskrnl.exe, i.e. kernel-mode; this table lists static capability only, not observed behavior. Items worth noting for triage: PsSetCreateProcessNotifyRoutine and PsLookupProcessByProcessId (process-creation callback / process lookup), ZwCreateKey/ZwSetValueKey/ZwDeleteKey (registry write/delete), ZwCreateFile/ZwSetInformationFile (file write/attribute changes), IoCreateDevice/IoCreateSymbolicLink (exposes a device object reachable from user mode), PsCreateSystemThread and IoRegisterDriverReinitialization (deferred execution), and MmGetSystemRoutineAddress, which lets the driver resolve additional kernel routines at runtime that will not appear in this import table.)
ntoskrnl.exe
ZwClose
PsGetVersion
MmIsAddressValid
RtlInitUnicodeString
ObfDereferenceObject
ObReferenceObjectByHandle
ZwOpenKey
wcsncpy
wcsrchr
strncpy
PsLookupProcessByProcessId
_stricmp
PsSetCreateProcessNotifyRoutine
IoGetCurrentProcess
ZwQueryValueKey
ZwSetValueKey
wcsstr
_wcslwr
RtlCompareUnicodeString
KeTickCount
KeQueryTimeIncrement
swprintf
_wcsnicmp
wcslen
_wcsicmp
_snwprintf
wcschr
ZwCreateFile
ZwDeleteKey
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
wcscat
wcscpy
_except_handler3
strncmp
ZwCreateKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwSetInformationFile
IofCompleteRequest
KeQuerySystemTime
IoDeviceObjectType
RtlCopyUnicodeString
KeDelayExecutionThread
IoRegisterDriverReinitialization
PsCreateSystemThread
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 45B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB (discardable init-time code; note it is mapped read/write/execute per the flags below, unlike .text)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ