Static task
static1
General
-
Target
2423b0253b883de2acd2158499596428_JaffaCakes118
-
Size
14KB
-
MD5
2423b0253b883de2acd2158499596428
-
SHA1
4a2e76420f07b4c72aa786fea521b49fad7dd9bb
-
SHA256
b8c3d513653e290aee5b01cd6f847112bc5e9f828ad50f6be8c74d308dc65365
-
SHA512
dbb9f1d8bade0970a07de99abb9828e9e8434cd780ed94438820483f09703233806e6af10f0aed2ccabdd9b6ab840a2d8207d835b9dd94e319c01a71cb36484d
-
SSDEEP
384:lhFErk7yJoAlNoBVOfsTsfWKPXChktkFEu:lhFErkAoAlNoBVOfs4XXCmtJu
Malware Config
Signatures
-
Unsigned PE 1 IoCs
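Checks for a missing Authenticode signature; the PE resource listed below has none. On its own this is a low-confidence indicator and should be read together with the import and section data further down.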
resource 2423b0253b883de2acd2158499596428_JaffaCakes118
Files
-
2423b0253b883de2acd2158499596428_JaffaCakes118.sys windows:4 windows x86 arch:x86
4fc08e9751f2577b94abfed0c28918bc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
toupper
isspace
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
MmIsAddressValid
isdigit
tolower
islower
isupper
strchr
ZwCreateKey
wcscat
wcscpy
strstr
isprint
ZwCreateFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
srand
strrchr
isxdigit
ZwUnmapViewOfSection
_wcslwr
wcsncpy
PsGetVersion
atol
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ