Static task
static1
General
-
Target
04c9a448b81003fcbd447c32ecba4777_JaffaCakes118
-
Size
40KB
-
MD5
04c9a448b81003fcbd447c32ecba4777
-
SHA1
f19f1a9ac577b0ed12c11811c3269d912606de43
-
SHA256
8c5508f741f67625cb9f2dff710ca147da6d665005e031c9df14c41be0a581e0
-
SHA512
1af9efbf72c2ccdeba0afca0bf2d9193e6a7029bf663fc2fec9b51592f83fecab3a531c3e9e2d5eeb72947bcf441d69c7bb2fc29c82109fc05d86b6cde147a75
-
SSDEEP
768:Xg37eIaBWQ9mCqs7nUYI0FUKfa6DQ4eibFTeINSQlDhKaqZEv3owX2yBNUkh9WQO:Xq7lmmcnUYNFid4eixoQuaaEfTXpNvBO
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The PE carries no Authenticode signature. Note that the file is a 32-bit kernel-mode driver (see Files below); legacy 32-bit Windows does not enforce kernel-mode code signing, so the missing signature alone would not have prevented it from loading there. Treat this as a static observation only — this is a static task, and no loading or execution was observed.
resource 04c9a448b81003fcbd447c32ecba4777_JaffaCakes118
Files
-
04c9a448b81003fcbd447c32ecba4777_JaffaCakes118.sys windows:4 windows x86 arch:x86
c0f91ff97859a2d1db2cd9aaa932eb8d (unlabelled 32-hex digest shown next to the file entry; presumably the import hash, since it differs from the file MD5 above — confirm against the report schema before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe (all imports resolve to the kernel, consistent with a kernel-mode driver). The import table alone indicates capability, not confirmed behaviour — this is a static task — but a reviewer should note: a process-creation callback (PsSetCreateProcessNotifyRoutine), process lookup by PID (PsLookupProcessByProcessId), a kernel thread (PsCreateSystemThread), registry create/write/delete (ZwCreateKey, ZwSetValueKey, ZwDeleteKey), file creation (ZwCreateFile, ZwSetInformationFile), a device and symbolic link (IoCreateDevice, IoCreateSymbolicLink), re-initialisation callback registration (IoRegisterDriverReinitialization), and runtime resolution of additional kernel routines by name (MmGetSystemRoutineAddress), which means the static list below may understate what the driver can call.
swprintf
KeQuerySystemTime
ZwSetValueKey
ObReferenceObjectByHandle
ZwClose
ZwDeleteKey
ZwOpenKey
RtlInitUnicodeString
_wcsicmp
wcsncpy
wcslen
wcsrchr
RtlAnsiStringToUnicodeString
MmIsAddressValid
_stricmp
wcsstr
_wcslwr
ObfDereferenceObject
ZwQueryValueKey
_except_handler3
wcscat
wcscpy
_snwprintf
ExAllocatePoolWithTag
strncpy
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
IoDeviceObjectType
strncmp
IoGetCurrentProcess
PsGetVersion
ZwCreateFile
PsCreateSystemThread
RtlCompareUnicodeString
ExFreePool
_snprintf
KeTickCount
KeQueryTimeIncrement
IofCompleteRequest
RtlCopyUnicodeString
wcschr
MmGetSystemRoutineAddress
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoRegisterDriverReinitialization
KeDelayExecutionThread
ZwSetInformationFile
ZwCreateKey
_wcsnicmp
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 74B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ