Static task
static1
General
Target
22fa964579e4f0bcaca274ea646e108f_JaffaCakes118
Size
30KB
MD5
22fa964579e4f0bcaca274ea646e108f
SHA1
029c571d5db3a8eb232d49d69160a4e64676df2e
SHA256
c7fe2775e39f87f580c18e2dd2625e2072077809e638a807221e195166889512
SHA512
40093646ae3adfe9feb5f2a8344035d7b483a8b17ed391ce20c790de69d071a947d7635ed443aac8b33df849694a5ab3ee318d4c43565d21adaec0bd3213c7af
SSDEEP
768:sJl3aT14i68GtLtFkP1NQ/td0YSgzI530IOTccrqj:4l3aT1y8GLrK1NQ/jHSgc530JrK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 22fa964579e4f0bcaca274ea646e108f_JaffaCakes118
Files
22fa964579e4f0bcaca274ea646e108f_JaffaCakes118.sys windows:4 windows x86 arch:x86
f204bfec5e6e22f416062deb1266582d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
SeAuditingFileOrGlobalEvents
MmSystemRangeStart
ZwLoadKey
KeQuerySystemTime
RtlGenerate8dot3Name
wcschr
ExAllocatePool
RtlVolumeDeviceToDosName
ExInitializePagedLookasideList
DbgLoadImageSymbols
RtlAnsiStringToUnicodeString
DbgPrint
NtQueryEaFile
ZwReadFile
PfxFindPrefix
strcpy
RtlImageNtHeader
ZwQueryInformationProcess
IoWriteErrorLogEntry
FsRtlCheckLockForWriteAccess
ExFreePool
RtlFreeUnicodeString
ExSystemExceptionFilter
RtlGetSaclSecurityDescriptor
ZwDeviceIoControlFile
ZwPulseEvent
strcmp
RtlInitString
RtlCompareUnicodeString
MmTrimAllSystemPagableMemory
ZwOpenThread
FsRtlSplitLargeMcb
RtlFormatCurrentUserKeyPath
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 821B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug Size: 1024B - Virtual size: 663B
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ