Static task
static1
General
Target: 05605e2b50255e1581e8b33b34ad3147_JaffaCakes118
Size: 447KB
MD5: 05605e2b50255e1581e8b33b34ad3147
SHA1: 038814e86fa10b1129a6715b0c989be5eb038fcb
SHA256: d67bddfe87238786220da082c311cc8ffdf99e8812f21eb552a7ab4192931227
SHA512: 0c0da84bf06c217acb9531e94809e2a909ecda6a0a6cbe9a3ff7d2aa85978c70408db0d4b64e85cdbaf18fa82b2b8181e185b8f0f72478528b6ad3ca81c48632
SSDEEP: 12288:9T8XPKCLhuXKdatGqvGPUu7MhtGB4dd/Kbr:gKCLUGPUu7ctGBok
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 05605e2b50255e1581e8b33b34ad3147_JaffaCakes118
Files
05605e2b50255e1581e8b33b34ad3147_JaffaCakes118.sys windows:4 windows x86 arch:x86
7cd129c8e2e39c6fbcc370fe42a1dd83
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlCopyRangeList
IoFreeIrp
InterlockedExchangeAdd
PsReturnPoolQuota
ExAllocatePoolWithTagPriority
PsChargeProcessPoolQuota
RtlCopyUnicodeString
RtlCompareUnicodeString
MmResetDriverPaging
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 400B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.INIT Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 222B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ