Static task
static1
General
Target: 15fe5aa6b642d6fc538b9eae583a78de_JaffaCakes118
Size: 46KB
MD5: 15fe5aa6b642d6fc538b9eae583a78de
SHA1: 54460db23b5a9f2df7eb130c326c535f09cf0000
SHA256: af0be536b5e112233adde3bb57cda95bc7d657dc13af9e75bcdb55bdffecbd81
SHA512: b944b3a50b657b7e0e70cdf3698c4491c52b8da963dbc034a31ab54f3cf40e17eb330195b77ff319786b25b8df4f372202bdc6826ffdca7a0ee4aee15d933848
SSDEEP: 384:nVS2dEzd7v2ddDVwuaeKvXocw7/dGdB7r6u7rZqCoCcJM1lN:niedWZeSXVy1gBf9fX/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15fe5aa6b642d6fc538b9eae583a78de_JaffaCakes118
Files
15fe5aa6b642d6fc538b9eae583a78de_JaffaCakes118.sys windows:4 windows x86 arch:x86
9a02530d26d1be93ee5c1d6c45a90cd3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncat
ZwMapViewOfSection
ExInterlockedInsertHeadList
IoUnregisterFileSystem
ExInterlockedExtendZone
wcscspn
NtWaitForSingleObject
SeSetSecurityDescriptorInfoEx
ExFreePoolWithTag
Mm64BitPhysicalAddress
IoIsFileOriginRemote
Ke386CallBios
ZwDeleteKey
KeInsertHeadQueue
KeI386MachineType
Exfi386InterlockedDecrementLong
ExCreateCallback
ExfInterlockedInsertHeadList
RtlInitializeSid
RtlUpcaseUnicodeStringToCountedOemString
islower
RtlEnumerateGenericTable
NtSetInformationProcess
MmIsRecursiveIoFault
_snwprintf
NtQueryVolumeInformationFile
sprintf
MmForceSectionClosed
RtlInitString
IoWriteTransferCount
IoCallDriver
RtlExtendedIntegerMultiply
RtlDeleteAtomFromAtomTable
ObInsertObject
IoStartNextPacketByKey
RtlCaptureContext
IoBuildDeviceIoControlRequest
RtlNtStatusToDosErrorNoTeb
IoCreateUnprotectedSymbolicLink
RtlFindUnicodePrefix
ZwFsControlFile
MmGetPhysicalMemoryRanges
IoCreateNotificationEvent
RtlInitAnsiString
IoCheckDesiredAccess
FsRtlAddToTunnelCache
ZwSetDefaultUILanguage
HalPrivateDispatchTable
ExReinitializeResourceLite
RtlDeleteRegistryValue
SeReleaseSecurityDescriptor
RtlDescribeChunk
ZwCreateSection
hal
HalRequestIpi
KeAcquireSpinLock
HalClearSoftwareInterrupt
KeQueryPerformanceCounter
KeQueryPerformanceCounter
ExAcquireFastMutex
KeRaiseIrqlToDpcLevel
HalSetProfileInterval
HalGetEnvironmentVariable
HalReadDmaCounter
ExTryToAcquireFastMutex
HalSystemVectorDispatchEntry
HalSetProfileInterval
KeQueryPerformanceCounter
IoFreeMapRegisters
KeRaiseIrql
HalStopProfileInterrupt
HalAllProcessorsStarted
HalHandleNMI
READ_PORT_USHORT
HalQueryDisplayParameters
READ_PORT_BUFFER_UCHAR
IoReadPartitionTable
KfAcquireSpinLock
IoMapTransfer
KdComPortInUse
KeGetCurrentIrql
HalStartNextProcessor
KeReleaseQueuedSpinLock
KfRaiseIrql
WRITE_PORT_BUFFER_ULONG
ExAcquireFastMutex
HalAdjustResourceList
HalSystemVectorDispatchEntry
READ_PORT_USHORT
IoSetPartitionInformation
HalAllProcessorsStarted
IoFlushAdapterBuffers
READ_PORT_UCHAR
KeRaiseIrqlToDpcLevel
HalRequestSoftwareInterrupt
KeRaiseIrqlToSynchLevel
HalGetEnvironmentVariable
IoReadPartitionTable
IoWritePartitionTable
HalGetBusData
HalSetTimeIncrement
HalFlushCommonBuffer
ExReleaseFastMutex
READ_PORT_USHORT
KfLowerIrql
ExReleaseFastMutex
IoFlushAdapterBuffers
HalStartProfileInterrupt
READ_PORT_UCHAR
READ_PORT_BUFFER_ULONG
HalRequestIpi
HalGetEnvironmentVariable
IoFreeMapRegisters
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ