Static task
static1
General
Target
0e4697b5253eeb8e1bf781b80254ba0e_JaffaCakes118
Size
40KB
MD5
0e4697b5253eeb8e1bf781b80254ba0e
SHA1
0622920c99b5bf509187e17327a3622fc8d0c11b
SHA256
c7359510ff4461c79a10bc99ac46b685802e1df2e4f0af9a49946116f3684767
SHA512
627a004e3a800e75ec2736a03e0289f02de40a270f71dd72e31f2780c3ae611f3c6a8145602136fda496de430fd980f0c081e12543aa71923a5407f21991d9b7
SSDEEP
768:CSBPuU3inztQ+OAd0hBdJwwsn+I4Eao2rJ8OSR50LXjjNxyyUgA1XSZ2u2MG0yrN:zJ7yzeQ6BdGzn+IravrmOSRGLX/WyUgc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0e4697b5253eeb8e1bf781b80254ba0e_JaffaCakes118
Files
0e4697b5253eeb8e1bf781b80254ba0e_JaffaCakes118.sys windows:4 windows x86 arch:x86
45c36e34666b7d0c4d87370f3c5926dd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_snwprintf
wcsncpy
wcslen
wcschr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcscat
wcscpy
_wcsicmp
ZwClose
ZwQueryValueKey
ZwOpenKey
_except_handler3
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
ZwSetValueKey
ObReferenceObjectByHandle
MmIsAddressValid
swprintf
strncpy
IoGetCurrentProcess
RtlCopyUnicodeString
PsGetVersion
strncmp
RtlCompareUnicodeString
_wcsnicmp
IoRegisterDriverReinitialization
ZwSetInformationFile
ZwCreateFile
PsCreateSystemThread
IoDeviceObjectType
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
KeQuerySystemTime
MmGetSystemRoutineAddress
wcsrchr
ZwDeleteKey
IofCompleteRequest
ZwCreateKey
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement
_stricmp
PsLookupProcessByProcessId
wcsstr
_wcslwr
_snprintf
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 64B - Virtual size: 53B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ