Static task
static1
General
Target
24d7f105a3c0bd6caa137f9a034e9cef_JaffaCakes118
Size
27KB
MD5
24d7f105a3c0bd6caa137f9a034e9cef
SHA1
a1001a53a2d237f899dc5ee0070c5daed34a7af7
SHA256
c0da8c9a30ddb52dec7a7dc7b1392540936dbe60382016ddcb827f8ed3ec09dc
SHA512
03db7dff5b9e2c50dec05216a8d68faadf25e1847ef23b4bc472348268544ed559c7a1cc05797b2e3a76ca5216a914481ef5f7d6899533bf30202ad691d45113
SSDEEP
192:wL1XucQudV/IblZWyu7o3nWnGfrOJqpCW6M+gWr2Y+M9Wa20w:Uu1G5IZZWJo3WCy4pJ6M+giL+8WF
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 24d7f105a3c0bd6caa137f9a034e9cef_JaffaCakes118
Files
24d7f105a3c0bd6caa137f9a034e9cef_JaffaCakes118.sys windows:4 windows x86 arch:x86
4aec6473af5fb47f5bef014bf3835bf8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_wcslwr
wcsncpy
PsGetVersion
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwClose
swprintf
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlFreeUnicodeString
wcslen
ZwCreateKey
wcscat
wcscpy
MmIsAddressValid
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwCreateFile
IoRegisterDriverReinitialization
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 672B - Virtual size: 654B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ