Static task
static1
General
-
Target
23b728fc1d7ec1ab87e2a5b898354a2f_JaffaCakes118
-
Size
40KB
-
MD5
23b728fc1d7ec1ab87e2a5b898354a2f
-
SHA1
7def5a00d8b80b1712f61f44c97990a1a6653525
-
SHA256
64b86b7c3a480107b047f6e111df5c3e44f350ef8902c00a1aee638b1c31751c
-
SHA512
33b198cc5f9ddc84c1396ab1656eee33483f2e3ef5f970b9d9cb9c26f6f4a8c1775c2e06231bd77317d53420cc98ff355c47bbaf1d2cea95298fe4853f2873a6
-
SSDEEP
768:VoiXWp6AfwKuhtrd45+ELZoKqg26GKrU00ivUnAC/nXoEPZNt+vR:iiglzMtR45+EVoKD26GoWiZeXoEPZivR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature: the PE carries no embedded Authenticode signature. Note that this file is a kernel-mode driver (a .sys whose import table lists only ntoskrnl.exe), so an unsigned image would be rejected by kernel-mode code signing enforcement on 64-bit Windows; as a 32-bit build (arch:x86) it could still load on 32-bit hosts or where enforcement is disabled. On its own, a missing signature is a weak indicator and should be weighed together with the imported routines below.
resource 23b728fc1d7ec1ab87e2a5b898354a2f_JaffaCakes118
Files
-
23b728fc1d7ec1ab87e2a5b898354a2f_JaffaCakes118.sys windows:4 windows x86 arch:x86
608db857c24139f49b0852c4f5911e76
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
IofCompleteRequest
ZwClose
ZwDeleteKey
ZwOpenKey
RtlInitUnicodeString
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
strncpy
IoGetCurrentProcess
_stricmp
wcsstr
_wcslwr
ZwQueryValueKey
MmIsAddressValid
_wcsnicmp
wcslen
_snprintf
ZwSetInformationFile
ZwCreateFile
wcscpy
ZwSetValueKey
wcscat
_wcsicmp
_except_handler3
KeDelayExecutionThread
KeQuerySystemTime
PsCreateSystemThread
PsSetCreateProcessNotifyRoutine
ObReferenceObjectByHandle
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
_snwprintf
RtlCompareUnicodeString
IoDeviceObjectType
wcsncpy
PsGetVersion
ZwCreateKey
wcsrchr
wcschr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlAnsiStringToUnicodeString
strncmp
PsLookupProcessByProcessId
KeTickCount
KeQueryTimeIncrement
RtlCopyUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 70B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ