Static task
static1
General
-
Target
0a75b7b38a0bd5e588f03e927d352476_JaffaCakes118
-
Size
40KB
-
MD5
0a75b7b38a0bd5e588f03e927d352476
-
SHA1
c86ec5d4ccb1b9a8a5786ec8843e54f23be133a2
-
SHA256
b19ac861054e6abe40cfefb847348500fe450c5ec03c90554202707814d1da98
-
SHA512
09e122ea4adfd4429771b4c7dc945e816c7dfdcb7dccb436a4ece4e4a0aa750b6bea7a1bece3242ea320af2866b6a546be267c0215bd84dde2bbe572ebeda2a2
-
SSDEEP
768:cKwOkEeMNbQkNfQ0BA2Xe+djNMYeqFcEutE3LPWrt65QDcY0BxmB2zERKCw:bwM7bQKfQ0BfxTMYeUtutEb+Q5QQY0gW
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The check matched the resource listed below: no Authenticode signature was found in the file.
resource 0a75b7b38a0bd5e588f03e927d352476_JaffaCakes118
Files
-
0a75b7b38a0bd5e588f03e927d352476_JaffaCakes118.sys windows:4 windows x86 arch:x86
93cbd790a03be5d8fecafdc2dd70e501
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwSetValueKey
wcslen
ZwClose
ZwDeleteKey
ZwOpenKey
RtlInitUnicodeString
KeTickCount
KeQueryTimeIncrement
_stricmp
swprintf
KeDelayExecutionThread
KeQuerySystemTime
strncpy
PsLookupProcessByProcessId
_wcsnicmp
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
IoDeviceObjectType
wcsstr
_wcslwr
ZwSetInformationFile
ZwCreateFile
wcscpy
RtlCompareUnicodeString
ZwQueryValueKey
IofCompleteRequest
RtlCopyUnicodeString
PsCreateSystemThread
_snwprintf
ExAllocatePoolWithTag
ExFreePool
_snprintf
_except_handler3
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
IoGetCurrentProcess
_wcsicmp
ZwCreateKey
PsGetVersion
IoRegisterDriverReinitialization
wcscat
wcschr
PsSetCreateProcessNotifyRoutine
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 63B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ