Static task
static1
General
Target: 22ce13c7da7fbfbabbcdade7e4de9c32_JaffaCakes118
Size: 72KB
MD5: 22ce13c7da7fbfbabbcdade7e4de9c32
SHA1: 0ea8553f0909d271eb70723edc824373aff3a543
SHA256: a26e62851a316a8f2f86193b4edeac42fff2fb94486f79de11b7caf20d81d09e
SHA512: 5cf9efe72b16c238ee04b2fe13aa47e141b4c28ed4b7fd832d236260ea964287ee77e3d4cf8086998cefa1ad168e41681423cf7cab3a34cf78e076523823aaa9
SSDEEP: 1536:SChu0TY+qxLYaCpGMtUDfQNayZ3ccCtzJ1Ez0dxXO:SCdY9VzC5ULDyZ3cldJa0d8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 22ce13c7da7fbfbabbcdade7e4de9c32_JaffaCakes118
Files
22ce13c7da7fbfbabbcdade7e4de9c32_JaffaCakes118.sys windows:4 windows x86 arch:x86
77261177ed78e32658fe89f7ff0f7477
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hal
KeAcquireQueuedSpinLock
ntoskrnl.exe
RtlAppendUnicodeToString
RtlEqualUnicodeString
RtlHashUnicodeString
RtlCompareMemory
KeQuerySystemTime
IoWMIWriteEvent
ExfInterlockedInsertHeadList
ZwCreateFile
ExInterlockedAddLargeInteger
ZwDeviceIoControlFile
ZwClose
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ExInterlockedAddLargeInteger
KeEnterCriticalRegion
KeLeaveCriticalRegion
_aulldiv
_allmul
KeQueryInterruptTime
MmMapLockedPages
_alldiv
_allshr
RtlInitUnicodeString
RtlCompareUnicodeString
ExSetTimerResolution
KeQueryTimeIncrement
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 972B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.INIT Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ