Static task
static1
General
Target
1c772e4a608c9feafc7938c199a77da8_JaffaCakes118
Size
130KB
MD5
1c772e4a608c9feafc7938c199a77da8
SHA1
064a8152fed50edc5da24464e30c34a59551a9d3
SHA256
30edb605b048824511668895df64d2f71a4ac54698ded93761e0f57159cb7975
SHA512
6cfbb5360f8470a1ac04f6c2aabc7e74164e3c4fdd2429dcc3737eaa151b094a17e8fe4c9960f1108fc69e7781ec005ea9670ead2bbd00422054b73dfe6be83b
SSDEEP
3072:s7VUpdUceRzwTvMcKjLVyv4K3V7VS2rYRL5CRaQnv9yrLXx9hbIDK9:pd4uTv+nkv4KpVS2roVCgQnFWXxTbID
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1c772e4a608c9feafc7938c199a77da8_JaffaCakes118
Files
1c772e4a608c9feafc7938c199a77da8_JaffaCakes118.sys windows:4 windows x86 arch:x86
3e2077b75a2879e622f0ea3e112ef3a1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
hal
HalReturnToFirmware
HalAllocateAdapterChannel
READ_PORT_USHORT
HalRequestSoftwareInterrupt
KeStallExecutionProcessor
HalSetEnvironmentVariable
HalProcessorIdle
KeLowerIrql
WRITE_PORT_BUFFER_ULONG
HalSetRealTimeClock
HalSetBusDataByOffset
IoFreeAdapterChannel
HalTranslateBusAddress
KeQueryPerformanceCounter
KeAcquireSpinLock
HalFreeCommonBuffer
HalHandleNMI
HalStopProfileInterrupt
READ_PORT_BUFFER_ULONG
HalSetProfileInterval
HalEndSystemInterrupt
HalAssignSlotResources
KfRaiseIrql
READ_PORT_ULONG
KfReleaseSpinLock
HalGetAdapter
KeRaiseIrqlToSynchLevel
HalGetInterruptVector
HalSystemVectorDispatchEntry
HalReportResourceUsage
HalGetBusData
HalAllocateCrashDumpRegisters
KeTryToAcquireQueuedSpinLockRaiseToSynch
HalAllProcessorsStarted
HalGetEnvironmentVariable
KeTryToAcquireQueuedSpinLock
IoFlushAdapterBuffers
KeAcquireQueuedSpinLock
KeReleaseSpinLock
KeAcquireQueuedSpinLockRaiseToSynch
HalQueryRealTimeClock
KeGetCurrentIrql
KeReleaseQueuedSpinLock
HalAdjustResourceList
WRITE_PORT_ULONG
KeRaiseIrqlToDpcLevel
ntoskrnl.exe
IoFastQueryNetworkAttributes
RtlLengthSecurityDescriptor
IoGetCurrentProcess
RtlMultiByteToUnicodeN
ZwMapViewOfSection
SeExports
IoInitializeRemoveLockEx
KeInsertByKeyDeviceQueue
ExAllocatePool
ZwWriteFile
RtlDecompressChunks
ExExtendZone
ExInterlockedPushEntrySList
ObReferenceObjectByHandle
MmLockPagableSectionByHandle
ZwNotifyChangeKey
MmCanFileBeTruncated
strlen
_aulldiv
RtlInsertElementGenericTable
KeRemoveQueueDpc
IoSetTopLevelIrp
ExSystemExceptionFilter
IoRegisterFileSystem
IoDeviceObjectType
IoRegisterPlugPlayNotification
RtlCreateRegistryKey
RtlOemToUnicodeN
sprintf
READ_REGISTER_BUFFER_ULONG
RtlUpcaseUnicodeStringToCountedOemString
_wcslwr
IoDeleteSymbolicLink
RtlTimeFieldsToTime
ProbeForRead
RtlSecondsSince1980ToTime
PsGetVersion
CcZeroData
IoCheckFunctionAccess
KeSetIdealProcessorThread
ExInterlockedPushEntryList
KeEnterKernelDebugger
IoDetachDevice
IoSetThreadHardErrorMode
ExLocalTimeToSystemTime
KeRestoreFloatingPointState
ExGetSharedWaiterCount
IoQueueWorkItem
IoRegisterBootDriverReinitialization
IoBuildPartialMdl
RtlLengthRequiredSid
SeOpenObjectForDeleteAuditAlarm
RtlFindRange
RtlUnicodeStringToInteger
vsprintf
KeInitializeQueue
NtClose
InterlockedDecrement
WRITE_REGISTER_UCHAR
vDbgPrintEx
CcPinRead
CcSetFileSizes
FsRtlMdlReadComplete
RtlUnicodeStringToCountedOemString
Sections
.data Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 900B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 256B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ