Static task
static1
General
Target: 081bf56cacf67ca527f80560631ddc1d_JaffaCakes118
Size: 26KB
MD5: 081bf56cacf67ca527f80560631ddc1d
SHA1: 20eb8ba5474ea6f86bb7e524a723624e0aa0464b
SHA256: a8a07dd99beacd6d44c344cd076e8e8c15fb610305bf13ef7a9b2acd4b96422f
SHA512: 15ba70e31b88a2a29f317828234a9f9f3527e58e27773f68ca3e0470ec74bb628bf471abf2c3134b9d70ef284ee23336230a4c0ffe0cd5ab0d588ce40e168792
SSDEEP: 384:ibxVzQcQJ7IJnAygVg7PjyDOOLSrG6j/22Zu8OYZgEmzVNN+xJdIjkov2zopqLsV:yxV+aA0cepiEJNHz3vXgr2xw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 081bf56cacf67ca527f80560631ddc1d_JaffaCakes118
Files
081bf56cacf67ca527f80560631ddc1d_JaffaCakes118.sys windows:5 windows x86 arch:x86
7456e33fa2ab9ec446ac6ae3525f601f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
swprintf
IoRegisterDriverReinitialization
PsGetVersion
_wcslwr
wcsncpy
MmIsAddressValid
ZwUnmapViewOfSection
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
ZwCreateKey
wcslen
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 614B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ