Static task
static1
General
Target
2581dae90058bf1bf00437a5b211f42a_JaffaCakes118
Size
40KB
MD5
2581dae90058bf1bf00437a5b211f42a
SHA1
8e7064e12f0e4ca9af31ed7209f42f8186c0597c
SHA256
06eb45d2142c7230b0a2d18c75d8e6988bbe7130e927485a22d9519015358dfb
SHA512
d10c573b51436f795ecc702e3e5f7ff079335b0d35cebb15e96b00d4c5c235761d8676d2c292eaf461172b8f0b4dccf5b80f547cdd520f514c25c62149c114c7
SSDEEP
768:Yi2EdUZOdDxkLWLDquLo2q7q+dSyYRiEZt2GJr1/93JSR7siokcD:EOBaLWLDiqmkx3HJ9SR7si1
Malware Config
Signatures
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature on the PE file.
resource 2581dae90058bf1bf00437a5b211f42a_JaffaCakes118
Files
2581dae90058bf1bf00437a5b211f42a_JaffaCakes118.sys windows:4 windows x86 arch:x86
a37ce3a9e4bacdaecd35c3d350d1b712
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
ZwClose
ZwCreateFile
swprintf
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
_snwprintf
ExAllocatePoolWithTag
ZwSetValueKey
wcsstr
_wcslwr
ZwOpenKey
_except_handler3
ObfDereferenceObject
ZwDeleteKey
strncmp
strncpy
PsLookupProcessByProcessId
_stricmp
KeQuerySystemTime
RtlCompareUnicodeString
wcslen
ZwSetInformationFile
wcscpy
RtlAnsiStringToUnicodeString
_wcsicmp
wcsrchr
ObReferenceObjectByHandle
ExFreePool
_snprintf
ZwCreateKey
RtlCopyUnicodeString
wcscat
PsSetCreateProcessNotifyRoutine
KeTickCount
KeQueryTimeIncrement
IoDeviceObjectType
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
IoRegisterDriverReinitialization
_wcsnicmp
MmGetSystemRoutineAddress
PsCreateSystemThread
KeDelayExecutionThread
wcschr
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 51B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ