Static task
static1
General
Target: 1a06538b41c56afc86eb28c326c7a43e_JaffaCakes118
Size: 47KB
MD5: 1a06538b41c56afc86eb28c326c7a43e
SHA1: 4c3edec4ed4ff34e712fee92cdc0192e6d8a8cf2
SHA256: a17a199ce0f94332583000075968288d1283a507af6c71aff05172c7de4b2722
SHA512: 40e301f960c418e6d139ce0172f5866ab2eef86540c7ac332ce248c75f1bbb659ab78c96863e7ee17c86fb6a41f6f703dd13771bed6e51e0af9c165995737345
SSDEEP: 768:7lYVKRT5Hd+AlVQ/BDusQOrapsbCWMHbjz/v6HXt+tjCZ4kJvdH7c/4/1zkw0jDI:hYQ7byBxlCr3eHst4e2BEYjU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1a06538b41c56afc86eb28c326c7a43e_JaffaCakes118
Files
1a06538b41c56afc86eb28c326c7a43e_JaffaCakes118.sys windows:4 windows x86 arch:x86
8b4eb9ff823a5f61d138220fc488c4f5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsSetCreateProcessNotifyRoutine
RtlInitUnicodeString
wcscat
wcscpy
KeDelayExecutionThread
ZwCreateKey
wcslen
swprintf
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
IoRegisterDriverReinitialization
PsGetVersion
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
strncmp
IoGetCurrentProcess
_wcsnicmp
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 900B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ