Static task
static1
General
Target: 1750879861b49b55d83de1450f8bbbb4_JaffaCakes118
Size: 338KB
MD5: 1750879861b49b55d83de1450f8bbbb4
SHA1: d45251c8b184203dc38bf5b9908d937f602c1e59
SHA256: 895d1f0d3b77a93d640543e811ea7524b285499ea0b07f73a7a1c027276b3315
SHA512: 7bb52747b89956542fd5d28bd33fc508a351b8b9ec1d839fdd6fab3dfd4d446c034c63262053cb3ecfff118f7f820473ae7f391a011e3ecd75fa0b2c0df758f4
SSDEEP: 6144:FCoe8uIcet4QFxJAAtrzocOb3L9EC9zZT+8hsZ5Vp2ji/4bGu66CmZiQX0z2MLgc:UWft7FxJtrzonLmC9F+8qZ5yO/4bsNaM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1750879861b49b55d83de1450f8bbbb4_JaffaCakes118
Files
1750879861b49b55d83de1450f8bbbb4_JaffaCakes118.sys windows:5 windows x86 arch:x86
bc01d6e8d8b092b6259db9b0b17c7f04
Headers
DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
tdi.sys
    TdiRegisterProvider
    TdiInitialize
    TdiRegisterNetAddress
hal
    HalProcessorIdle
    KeRaiseIrql
    KfLowerIrql
ntoskrnl.exe
    ZwOpenFile
    isdigit
    ZwClose
Sections
.text Size: 3KB - Virtual size: 3KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 674B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
.data Size: 324KB - Virtual size: 324KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
.assc Size: 512B - Virtual size: 436B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
.doroc Size: 8KB - Virtual size: 8KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ