Static task
static1
General
Target: 038e384235b70a3ca6b38449c00998d7_JaffaCakes118
Size: 21KB
MD5: 038e384235b70a3ca6b38449c00998d7
SHA1: c4f035da21ea83ea28c0fe4f398733c3db84b5e5
SHA256: 3bcb3a5221144ac22af9c3a1c2f17d6148f90cd6a2f42ef9aecf68e88cb2f7be
SHA512: 0d3eb85af29d14a5650f579b61a08e09573d72804e73da62e0de9efd9f176d8b2757a016658e0fe066daf5dc350150100d03b5ace1b8438597aee5982fdd14bc
SSDEEP: 384:0peA3brqmesnit9yLd7AeeZJqZN6uMTgNwUrSVrj4pS/WCrojq04TGmq+ei3EYln:0peKPnitUp7aZJsN6uMTgCUrSVrj4pSr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 038e384235b70a3ca6b38449c00998d7_JaffaCakes118
Files
038e384235b70a3ca6b38449c00998d7_JaffaCakes118.sys windows:5 windows x86 arch:x86
3f1f9ace21ee2942a46295dee5d50cbc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwClose
swprintf
ZwCreateFile
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
ZwUnmapViewOfSection
PsGetVersion
_wcslwr
wcsncpy
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
KeDelayExecutionThread
ZwCreateKey
wcscat
wcscpy
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ