Static task
static1
General
Target: 038c845968055652c1be2ffe4597e538_JaffaCakes118
Size: 22KB
MD5: 038c845968055652c1be2ffe4597e538
SHA1: 0d3454f85d1a4b81904d01cbea581b2c3000cd97
SHA256: 244a01ff0c0f31e2e0efafc43409859fcd9b3b807a408e81c19be19ae65ff71d
SHA512: b9eb03476098f36fcb46a6b13cfb83d9939cf377e5628477f3a0a8d83b41ade0dc4a10e9cd4a983c7154017c610387f397eb9035cde530d095badd9a0779bd40
SSDEEP: 384:o5T98gm2SoJjeZiVxkUoXJRIZwRkLUio0rwXz/t4HKtF:oCnsIekFXDMw7Xz/tIu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 038c845968055652c1be2ffe4597e538_JaffaCakes118
Files
038c845968055652c1be2ffe4597e538_JaffaCakes118.sys windows:5 windows x86 arch:x86
aae72efed0a8e07894e98cf2e5e2d79a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
ZwCreateFile
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
MmIsAddressValid
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwUnmapViewOfSection
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ