Static task
static1
General
-
Target
16b5c1f857d3f6072ca410c9f4bbccc4_JaffaCakes118
-
Size
48KB
-
MD5
16b5c1f857d3f6072ca410c9f4bbccc4
-
SHA1
94835a56195ac0f392fd2c986de5b0ee28531ef0
-
SHA256
b3bb0f61c49f9cb429ca762da8e15d60fcdd02291d1b456dc4ba885385edb50d
-
SHA512
d3080129c3005b6ada43d2a917d89964abbe42663cc2405ae9239f0e3075a9c5080d1107cde3a3bbb5782680279bd6f3cc100008800f95197d075222fbe20905
-
SSDEEP
384:tScatnGMyPq9gD8PLvdBkF6jSxcZjBqs68Nd2d64FxdlaXSguV:txknGBq9gD8xBaRxews60Q647
Malware Config
Signatures
-
Unsigned PE (1 IoC)
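Checks for a missing Authenticode signature; the resource listed below has none. The sample is a .sys image that imports from hal and ntoskrnl.exe, so the missing signature bears on whether driver signature enforcement would let it load.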
resource 16b5c1f857d3f6072ca410c9f4bbccc4_JaffaCakes118
Files
-
16b5c1f857d3f6072ca410c9f4bbccc4_JaffaCakes118.sys windows:4 windows x86 arch:x86
ec6bcf2ed431437530ad5e69ceef8b46
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hal
HalAllProcessorsStarted
HalSetBusData
KeAcquireQueuedSpinLock
HalSetEnvironmentVariable
HalHandleNMI
KeTryToAcquireQueuedSpinLock
ExAcquireFastMutex
KfRaiseIrql
WRITE_PORT_ULONG
HalRequestIpi
HalRequestIpi
HalDisplayString
KeGetCurrentIrql
KeReleaseSpinLock
KeReleaseSpinLock
HalSetBusDataByOffset
ExAcquireFastMutex
WRITE_PORT_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_ULONG
HalInitializeProcessor
IoReadPartitionTable
HalStartNextProcessor
READ_PORT_ULONG
IoFreeAdapterChannel
READ_PORT_ULONG
IoReadPartitionTable
IoMapTransfer
READ_PORT_UCHAR
HalAssignSlotResources
HalAllocateCrashDumpRegisters
HalHandleNMI
HalSetBusData
KfReleaseSpinLock
HalGetBusData
HalMakeBeep
WRITE_PORT_UCHAR
KeQueryPerformanceCounter
WRITE_PORT_ULONG
HalClearSoftwareInterrupt
HalSetProfileInterval
KfReleaseSpinLock
HalQueryRealTimeClock
HalEndSystemInterrupt
READ_PORT_BUFFER_ULONG
WRITE_PORT_UCHAR
HalClearSoftwareInterrupt
KeAcquireSpinLock
HalSetBusDataByOffset
KeAcquireQueuedSpinLockRaiseToSynch
HalAllocateCommonBuffer
HalStartProfileInterrupt
READ_PORT_USHORT
HalSetDisplayParameters
READ_PORT_USHORT
READ_PORT_BUFFER_UCHAR
HalSetBusDataByOffset
HalSetProfileInterval
IoSetPartitionInformation
READ_PORT_UCHAR
READ_PORT_BUFFER_ULONG
HalReportResourceUsage
HalReturnToFirmware
KeStallExecutionProcessor
KeReleaseSpinLock
KfRaiseIrql
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalAllProcessorsStarted
KfAcquireSpinLock
HalClearSoftwareInterrupt
ExAcquireFastMutex
HalSetBusDataByOffset
HalQueryDisplayParameters
HalGetInterruptVector
HalCalibratePerformanceCounter
HalFlushCommonBuffer
HalMakeBeep
KeReleaseQueuedSpinLock
KeLowerIrql
HalGetAdapter
HalProcessorIdle
KeTryToAcquireQueuedSpinLockRaiseToSynch
HalReadDmaCounter
KeAcquireSpinLockRaiseToSynch
ntoskrnl.exe
FsRtlUninitializeOplock
strncat
NtVdmControl
RtlLargeIntegerShiftLeft
FsRtlPrepareMdlWrite
KeInitializeMutex
CcGetFileObjectFromSectionPtrs
RtlCompareMemoryUlong
RtlNtStatusToDosErrorNoTeb
ExAcquireResourceExclusiveLite
FsRtlIsTotalDeviceFailure
mbtowc
MmMapUserAddressesToPage
IoFreeMdl
ExCreateCallback
ZwQueryDefaultLocale
RtlAnsiStringToUnicodeSize
FsRtlCurrentBatchOplock
IoFreeWorkItem
KeInitializeEvent
IoSynchronousPageWrite
PoCallDriver
IoQueryVolumeInformation
MmDisableModifiedWriteOfSection
RtlDestroyAtomTable
ExfInterlockedAddUlong
RtlDeleteAce
IoSetThreadHardErrorMode
CcUnpinData
InterlockedIncrement
PoSetHiberRange
_stricmp
RtlInitString
ExEventObjectType
ZwWaitForSingleObject
RtlUpcaseUnicodeStringToOemString
KeInsertQueueDpc
MmAdjustWorkingSetSize
Exi386InterlockedExchangeUlong
MmFreeContiguousMemorySpecifyCache
NlsMbCodePageTag
IoRequestDeviceEject
SeSystemDefaultDacl
KdEnableDebugger
RtlGetDaclSecurityDescriptor
ExCreateCallback
NtQueryEaFile
LsaCallAuthenticationPackage
MmCanFileBeTruncated
ZwEnumerateValueKey
RtlRemoveUnicodePrefix
SeAccessCheck
RtlIsGenericTableEmpty
KeRestoreFloatingPointState
SeCreateClientSecurity
FsRtlCopyRead
ZwResetEvent
wcsrchr
_strrev
WRITE_REGISTER_BUFFER_UCHAR
RtlUnicodeToMultiByteN
FsRtlGetNextMcbEntry
IofCallDriver
ExAcquireResourceSharedLite
SeSetAccessStateGenericMapping
RtlUlongByteSwap
RtlDeleteRegistryValue
wcscpy
MmIsAddressValid
ObReleaseObjectSecurity
FsRtlMdlReadDev
CcScheduleReadAhead
RtlAnsiStringToUnicodeString
FsRtlGetNextLargeMcbEntry
PsInitialSystemProcess
RtlFindLeastSignificantBit
ZwSetInformationThread
ExUuidCreate
IoReleaseRemoveLockAndWaitEx
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ