Static task
static1
General
Target: 27053364212a6979253d213ba39cdf2c_JaffaCakes118
Size: 27KB
MD5: 27053364212a6979253d213ba39cdf2c
SHA1: 6acbb7d1368b9b7f3d58526f64763c62293ed2a2
SHA256: 1680ef52ecde49115157f63e5fe878053aff76c74f125cfe26eb485d0853280f
SHA512: 05b0e1e912073568583e6f9414cb9652181f0afd8174e58aad023e26ff0d870a5c355ec9fb6b753ae55ea5a7fb132c9c6d590a0a4545c2ab48f3897a3219eca8
SSDEEP: 768:EA0WHNKNNGyi94dVkggCLNbDiyZASXTHCg:EVl3U4Pku1DNASe
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 27053364212a6979253d213ba39cdf2c_JaffaCakes118
Files
27053364212a6979253d213ba39cdf2c_JaffaCakes118.sys windows:5 windows x86 arch:x86
41cd68d13a0135d6fd2ece867617542b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoRegisterDriverReinitialization
wcsncmp
wcslen
towlower
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
KeDelayExecutionThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
_strnicmp
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwDeleteValueKey
_except_handler3
ZwQueryValueKey
wcsstr
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
IofCompleteRequest
strncmp
strncpy
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 782B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ