Static task
static1
General
-
Target
08d56a47ca1382c51f7117a6e98d58a4_JaffaCakes118
-
Size
121KB
-
MD5
08d56a47ca1382c51f7117a6e98d58a4
-
SHA1
5a331b69b5272eff4bcaa14b1576ea948832110e
-
SHA256
7f8bc5b7a9db193a4adc4ca8ecbb44ae31e5a5439c7379bdc705e0603c5bfaf8
-
SHA512
dad42a70b7c668069e4211bf600dec0bc37cb5623f9f8f78a17174e240c83b55ff48b7256cf06567dea0703eeca5605ba63eaa3bbc9df91e39ff26567af9b739
-
SSDEEP
1536:+J0tFwyBGn09bePj5BaPaU/U39RpKBLn6m:C07vBS0pmdBgE9rKBLn6
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Detects a PE file that carries no Authenticode signature; the resource listed below matched.
resource 08d56a47ca1382c51f7117a6e98d58a4_JaffaCakes118
Files
-
08d56a47ca1382c51f7117a6e98d58a4_JaffaCakes118.sys windows:5 windows x86 arch:x86
dd37c78ce4f89fc0ffdd8d578d893cd5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoUnregisterShutdownNotification
IofCompleteRequest
IoStopTimer
PsSetLoadImageNotifyRoutine
NtBuildNumber
MmIsAddressValid
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
_strnicmp
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
ExAllocatePoolWithTag
RtlLengthSid
SeExports
ZwClose
wcsrchr
ZwSetValueKey
ZwDeleteValueKey
ZwCreateKey
ZwQueryValueKey
ZwOpenKey
memset
wcsncpy
_wcsnicmp
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ZwWriteFile
RtlCopyUnicodeString
IoFreeIrp
IoFreeMdl
KeSetEvent
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
SeCreateAccessState
IoGetFileObjectGenericMapping
KeInitializeEvent
ObfDereferenceObject
IoAllocateIrp
ObCreateObject
IoFileObjectType
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
memcpy
PsTerminateSystemThread
KeCancelTimer
KeWaitForMultipleObjects
KeSetTimerEx
KeInitializeTimerEx
KeSetPriorityThread
PsCreateSystemThread
MmUnmapLockedPages
KeSetAffinityThread
KeNumberProcessors
MmMapLockedPages
_except_handler3
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwQuerySystemInformation
_strlwr
strrchr
IoGetCurrentProcess
strstr
_snprintf
ZwQueryDirectoryFile
InterlockedPopEntrySList
InterlockedPushEntrySList
ExfInterlockedRemoveHeadList
ExfInterlockedInsertHeadList
strncpy
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
IoStartTimer
IoInitializeTimer
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwEnumerateKey
ZwQueryKey
IoBuildDeviceIoControlRequest
MmProbeAndLockPages
IoCancelIrp
MmGetSystemRoutineAddress
PsGetVersion
KeTickCount
KeQueryTimeIncrement
_alldiv
_allmul
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlEqualUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
strchr
strncmp
ExAllocatePool
IoCreateFile
ExFreePoolWithTag
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 512B - Virtual size: 69B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.upx0 Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 752B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ