Static task
static1
General
Target: 18bcebbdfadd35e241fa5b34269100f8_JaffaCakes118
Size: 50KB
MD5: 18bcebbdfadd35e241fa5b34269100f8
SHA1: 8761e75b6ae32c520bc1e9a80477117a63a9c27a
SHA256: 3ee7df6c72a2b97032a5837a0e4a44bc0c4c39073919a43c91efe48716ee8e9b
SHA512: f1031e4aaff22c74e7059fa4433d7db1b4025b303b75c0a9f1d5399e106c72e886e95beef7bc7c53c7b6d4268f7d9af9bde6f232d8fc8d912fc6f1f682f49324
SSDEEP: 1536:Bf0tIQo8NfQBKGQNOUoNjjmhc6CUEK+hVqFjXACCCfeaCGvWwQd7nfR8ypstAZC9:BfDQ5QBKPkmhcdUEK+hVkUCrObdstAZs
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 18bcebbdfadd35e241fa5b34269100f8_JaffaCakes118
Files
18bcebbdfadd35e241fa5b34269100f8_JaffaCakes118.sys windows:4 windows x86 arch:x86
6c20a36aa809ac0370aa1f465f8db8a2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
wcsncmp
wcslen
towlower
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
ZwQueryValueKey
_except_handler3
MmGetSystemRoutineAddress
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
ZwSetValueKey
_strnicmp
wcsstr
IoRegisterDriverReinitialization
ZwDeleteValueKey
PsCreateSystemThread
IofCompleteRequest
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 954B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 928B - Virtual size: 916B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ