Static task
static1

General
Target: 039bfc849400f1cddd0af485d64f6277_JaffaCakes118
Size: 22KB
MD5: 039bfc849400f1cddd0af485d64f6277
SHA1: d0cd71274d7bff340d0fd5a002b7bf3bcaa3425f
SHA256: 4e9a1755c4a68dd7ce70f6d61747c110a0c6b28d7cc47b24f1df9cdd78d0ec75
SHA512: b1645433b9d5614b27220200ecec51e95ada714024c5ce9d0f1b9b1804255b47ac4b8927e703a5e948d3e7fb8d56c17ac5b4104ddbddc0345c7dd19ca8ec57b7
SSDEEP: 384:Btt37riSCq00HvMoLRMqP2qo1l0q7e4/hLd2r5WjXJ4E4aUjKdKbBY20YlZxvbWE:BtNfL0O0oKg2dfhsr2HJ3qbWyFr3
Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 039bfc849400f1cddd0af485d64f6277_JaffaCakes118

Files
039bfc849400f1cddd0af485d64f6277_JaffaCakes118.sys windows:5 windows x86 arch:x86
2cac8dd66ae6a56ea823a389a825ccf6
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE

Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwCreateKey
wcslen
wcscat
wcscpy
ZwCreateFile
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
_wcslwr
wcsncpy
MmIsAddressValid
ZwUnmapViewOfSection
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
RtlAnsiStringToUnicodeString
Sections
.text Size: 16KB - Virtual size: 16KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 592B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ