Static task
static1
General
Target
163e5150b99b8329c883ce61227e1312_JaffaCakes118
Size
40KB
MD5
163e5150b99b8329c883ce61227e1312
SHA1
8ee87faf203be1c80e44f1a3a1775974c4d2bb2b
SHA256
a5b89da11f59e8ba2af9809c5791b3920efbdca8996f49000e83feef4cc1b2a7
SHA512
b4a64813de1fe51e61a3ec395ba6c687c466e8058f64820a1928af3d3170c6ca63018a4c6efff821a12163d775c282c68bc0ee9a1177086ce39c29ec1118b1e8
SSDEEP
768:NtZFd0R5UoSEYJUovscEE+D8xpXJtpDZNf4WtvZhj8QD9yO:ND7i58JscHYEpXJtplltzo+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature on the PE file.
resource 163e5150b99b8329c883ce61227e1312_JaffaCakes118
Files
163e5150b99b8329c883ce61227e1312_JaffaCakes118.sys windows:4 windows x86 arch:x86
059bf4ae944b253c6112d30b17557b2b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
swprintf
ZwOpenKey
PsGetVersion
KeQuerySystemTime
strncpy
PsLookupProcessByProcessId
_stricmp
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
wcsstr
_wcslwr
ZwSetValueKey
wcslen
ZwCreateFile
RtlInitUnicodeString
wcscat
wcscpy
_wcsicmp
ZwQueryValueKey
_except_handler3
PsSetCreateProcessNotifyRoutine
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
ZwCreateKey
ZwDeleteKey
_wcsnicmp
KeDelayExecutionThread
_snprintf
MmGetSystemRoutineAddress
IofCompleteRequest
IoDeviceObjectType
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
_snwprintf
KeTickCount
KeQueryTimeIncrement
ZwSetInformationFile
RtlCopyUnicodeString
PsCreateSystemThread
wcschr
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 82B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ