Static task
static1
General
Target: 104908ae0be35593e46173b26b6d3a97_JaffaCakes118
Size: 23KB
MD5: 104908ae0be35593e46173b26b6d3a97
SHA1: dfe355c02873f742c30027a3b31d54aebbd89181
SHA256: 71f421667c07506ff4a451689cbf2c2ea0e3822e2743c44063a35a393d3be1a8
SHA512: d746548b91f903659ebe58e06511603268e0918981a737ca28035c8cd8aa9552c15d08698b2ebacaf40b9489900ca7809d5680c8ba38bea16759701dc6a9ec83
SSDEEP: 384:GZ0BmaYHOgS2wVFO2MGn6RPFdHFksgXCVNPteYrMvJ+Yyvg2SC/ANkAp:GDJOgS22OR66RtdHFksTVuYrMvJNt2Bu
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 104908ae0be35593e46173b26b6d3a97_JaffaCakes118
Files
104908ae0be35593e46173b26b6d3a97_JaffaCakes118.sys windows:5 windows x86 arch:x86
ec843fda2a5fe69bccc988e57af1cfc1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
    strncmp
    IoGetCurrentProcess
    _wcsnicmp
    wcslen
    ZwClose
    RtlInitUnicodeString
    PsTerminateSystemThread
    KeDelayExecutionThread
    PsCreateSystemThread
    swprintf
    _stricmp
    strncpy
    PsLookupProcessByProcessId
    ExAllocatePoolWithTag
    KeInitializeTimer
    IofCompleteRequest
    MmIsAddressValid
    ZwUnmapViewOfSection
    ZwCreateKey
    wcscat
    wcscpy
    ZwCreateFile
    IoRegisterDriverReinitialization
    PsGetVersion
    _wcslwr
    wcsncpy
    ZwSetValueKey
    ZwOpenKey
    ZwEnumerateKey
    RtlAnsiStringToUnicodeString
    _snprintf
    ExFreePool
    ZwQuerySystemInformation
    ZwMapViewOfSection
    ZwCreateSection
    ZwOpenFile
    PsSetCreateProcessNotifyRoutine
    IoDeleteDevice
    IoCreateSymbolicLink
    IoCreateDevice
Sections
.text - Size: 18KB - Virtual size: 18KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
.data - Size: 2KB - Virtual size: 2KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
INIT - Size: 960B - Virtual size: 958B
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
.reloc - Size: 576B - Virtual size: 574B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ