Static task
static1
General
Target: 17364836d0b38920630470b5f6b4f13f_JaffaCakes118
Size: 3KB
MD5: 17364836d0b38920630470b5f6b4f13f
SHA1: d3782de23e60d190f146cb302ea92d6aefd24096
SHA256: 8f80cbb4395390876dc5a8425731b28e290a1ce361288e0d7466445ab11c1220
SHA512: 116f2ee917c35eabefd8811b5be9c25ac88cc8382f39dd6beb72ac157bb111b3ecafcc26510cb3a7e43330a7a0d0fbdf8a0e54543c1b144dcdcfa69f6a88fe04
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 17364836d0b38920630470b5f6b4f13f_JaffaCakes118
Files
17364836d0b38920630470b5f6b4f13f_JaffaCakes118.sys windows:5 windows x86 arch:x86
85917607166cfe282aba9ee9b399dd93
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
RtlAssert
KeGetCurrentThread
KeInitializeEvent
ObfDereferenceObject
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
RtlInitUnicodeString
ZwSetValueKey
wcslen
ZwOpenKey
IoCreateSymbolicLink
DbgPrint
IoCreateDevice
IofCompleteRequest
MmUnmapViewOfSection
PsLookupProcessByProcessId
IoDeleteDevice
IoDeleteSymbolicLink
ZwClose
IoCreateFile
hal
KeGetCurrentIrql
Sections
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 714B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 166B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ