Static task
static1
General
Target: 06f1ec51eeb8e8d64502cfb8545324e1_JaffaCakes118
Size: 22KB
MD5: 06f1ec51eeb8e8d64502cfb8545324e1
SHA1: b756a24b6b9d524951a3178a3113a5925db20d54
SHA256: fa0b03b41d27c51940524641bdd4e753dc16b9cb4b3d317a013296957e500025
SHA512: 2fd1e490aa4a82322e950bddd818bede3e90d566951ebbf33146e467a30149f5e9036172b7662dabe2f388cbc5b89d2855cb4032c0664b3c18b5b0610aec5081
SSDEEP: 384:diNumTWfY7U0VTBafqcacWfMuE2DBVOSbRPCbX1aN9IUOIFABXzUMQo9iAh:djmKfYwmB+qc+E2DBVVRPCbgN9IUO0ar
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 06f1ec51eeb8e8d64502cfb8545324e1_JaffaCakes118
Files
06f1ec51eeb8e8d64502cfb8545324e1_JaffaCakes118.sys windows:5 windows x86 arch:x86
a1793139d9e7689623b3fa7704a1fdcc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
ZwClose
ZwCreateFile
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
ZwUnmapViewOfSection
ZwCreateKey
wcscat
wcscpy
PsGetVersion
_wcslwr
wcsncpy
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 576B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ