Static task
static1
General
Target: 0e974ede483b0ef1b2ead27dca4d9f76_JaffaCakes118
Size: 10KB
MD5: 0e974ede483b0ef1b2ead27dca4d9f76
SHA1: af15b82df69f3b224ff28316c338137c6056f09f
SHA256: 3f3138ce8f968e14af5f92ab653306b897a3eb83c6a4270926bc9993a301ce28
SHA512: 8311657756682d9a9c5f7694e5e5864777fdc6d3fbaf6eb10e8b7d8c153595d6e38bcdacfc8495f862fde8e25bd97aae974f2f2df41e4753a5e08e7378466c66
SSDEEP: 192:pRDwt7HPt31XgsrJw/Z4CgZzZoXFNUW2O1IPTDo3FHPiKqY5d+4MNDi4s2Da:pRDwt7HPB11rW/uC0zyNUWiPXo3FHPdn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0e974ede483b0ef1b2ead27dca4d9f76_JaffaCakes118
Files
0e974ede483b0ef1b2ead27dca4d9f76_JaffaCakes118.sys windows:4 windows x86 arch:x86
e3869a14b2362ed2d955f04ee099222e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateFile
MmGetSystemRoutineAddress
ZwDeleteFile
hal
HalHandleNMI
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ