Static task
static1
General
Target
248ddbbc884c6e3535e39bb54ca970b8_JaffaCakes118
Size
27KB
MD5
248ddbbc884c6e3535e39bb54ca970b8
SHA1
58fccfe2babd68774ff5036a9367a66efc5ccb5b
SHA256
15eb43eddba5313977cc36c5e7661f1a0d90e7abf263cc9c703841c59e423bba
SHA512
bf1e1ed6ab90c6ebe311568ce2c0a3f79044b6b38c846f8c9641aedbf1235dd7779ad7ca0947fb5471015deb59a7f5ac5bade1bd71ca2669649cfce12cdb6156
SSDEEP
384:RPgPCuZCW6GDGjC0dSm3lO5l0G7s05xWuHRthkBBVfNOg6eEQ6LpZxf9G2nQuBEr:OCuZ1GC0gxh0TOuc51QThI5Lu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 248ddbbc884c6e3535e39bb54ca970b8_JaffaCakes118
Files
248ddbbc884c6e3535e39bb54ca970b8_JaffaCakes118.sys windows:5 windows x86 arch:x86
cde2db870b7e8275c4a007bfbd556290
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwUnmapViewOfSection
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
swprintf
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
RtlAnsiStringToUnicodeString
ZwCreateFile
IoRegisterDriverReinitialization
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
ZwCreateKey
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 620B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ