Static task
static1
General
Target: 28ccaf3fa25c352fcd0a63a7ce180708_JaffaCakes118
Size: 131KB
MD5: 28ccaf3fa25c352fcd0a63a7ce180708
SHA1: 68a95af5f9673c676d0fc4ddec9d11b9442bb0b4
SHA256: f4c63c429a9fd44bc3ad643015ad6d943cd8dceaaaf7db951114205ee1682683
SHA512: e156da8ffe66c5aeb5296ceb25f2f5489f8406b6b5b78ee5c61343debe05d575d7c58126a3ce426814639b35ee680ec65bb9ed4317c73dd90ee4d67267919b7f
SSDEEP: 1536:kw4PFyhD4kXk2RRuSFEY3iL51Bbzmb+27qb7fDhMWlzZ5Qywj/KswRzZ1v4bShsL:M9yhskXk26201sVQ7imPRzZ6f/jvZ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 28ccaf3fa25c352fcd0a63a7ce180708_JaffaCakes118
Files
28ccaf3fa25c352fcd0a63a7ce180708_JaffaCakes118.sys windows:5 windows x86 arch:x86
0f40d8e31976857d9c829b18101afdc3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
_abnormal_termination
KeBugCheckEx
RtlSetBits
RtlClearBits
RtlInitializeBitMap
ExAllocatePoolWithTag
RtlFindClearBits
CcSetFileSizes
CcInitializeCacheMap
_allshr
_allshl
ExReleaseResourceLite
ExAcquireResourceSharedLite
FsRtlNumberOfRunsInMcb
FsRtlUninitializeMcb
FsRtlInitializeMcb
RtlFindLongestRunClear
RtlAreBitsClear
ExAcquireResourceExclusiveLite
FsRtlTruncateMcb
CcMapData
InterlockedIncrement
IoCreateStreamFileObject
CcSetAdditionalCacheAttributes
FsRtlNormalizeNtstatus
IoSetHardErrorOrVerifyDevice
CcPurgeCacheSection
CcGetFileObjectFromBcb
CcZeroData
CcMdlReadComplete
CcMdlWriteComplete
KeWaitForSingleObject
CcUninitializeCacheMap
KeInitializeEvent
CcPinMappedData
CcPinRead
ObfDereferenceObject
CcFlushCache
KeSetTimer
KeRemoveQueueDpc
KeCancelTimer
KeQuerySystemTime
CcSetDirtyPinnedData
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
FsRtlNotifyVolumeEvent
FsRtlOplockIsFastIoPossible
FsRtlCheckOplock
IoRemoveShareAccess
FsRtlFastUnlockAll
IoGetRequestorProcess
FsRtlNotifyFullReportChange
FsRtlIsNtstatusExpected
FsRtlNotifyCleanup
FsRtlNotifyFullChangeDirectory
KeLeaveCriticalRegion
IoSetTopLevelIrp
KeEnterCriticalRegion
IofCompleteRequest
ExQueueWorkItem
InterlockedDecrement
IoGetCurrentProcess
ExGetSharedWaiterCount
ExGetExclusiveWaiterCount
FsRtlLegalAnsiCharacterArray
IoSetShareAccess
IoCheckShareAccess
CcIsThereDirtyData
MmCanFileBeTruncated
IoUpdateShareAccess
SeSinglePrivilegeCheck
MmFlushImageSection
FsRtlCurrentBatchOplock
FsRtlFindInTunnelCache
FsRtlIsFatDbcsLegal
RtlUpcaseUnicodeString
RtlDowncaseUnicodeString
RtlUpcaseUnicodeStringToCountedOemString
FsRtlDissectName
memmove
IofCallDriver
IoIsOperationSynchronous
KeClearEvent
KeSetEvent
IoFreeIrp
IoFreeMdl
ExReleaseResourceForThreadLite
ExfInterlockedAddUlong
FsRtlIsTotalDeviceFailure
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ExAllocatePoolWithQuotaTag
IoBuildDeviceIoControlRequest
KeDelayExecutionThread
IoBuildPartialMdl
IoMakeAssociatedIrp
KeGetCurrentThread
MmUnlockPages
ExLocalTimeToSystemTime
RtlOemToUnicodeN
RtlxOemStringToUnicodeSize
NlsMbOemCodePageTag
RtlFreeOemString
FsRtlDoesNameContainWildCards
ExConvertExclusiveToSharedLite
FsRtlAddToTunnelCache
RtlOemStringToCountedUnicodeString
FsRtlDeleteKeyFromTunnelCache
ExSystemTimeToLocalTime
_allmul
CcRepinBcb
FsRtlAreNamesEqual
FsRtlIsNameInExpression
FsRtlUninitializeLargeMcb
FsRtlGetNextLargeMcbEntry
FsRtlNumberOfRunsInLargeMcb
FsRtlAddLargeMcbEntry
FsRtlInitializeLargeMcb
IoCheckEaBufferValidity
RtlUpperString
RtlCompareString
NlsOemLeadByteInfo
CcCopyWrite
IoGetTopLevelIrp
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
IoRaiseInformationalHardError
IoIsSystemThread
IoRaiseHardError
IoSetDeviceToVerify
IoGetDeviceToVerify
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwDeleteFile
ZwWriteFile
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
RtlRandom
RtlCopyUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwDeleteKey
RtlDeleteRegistryValue
ZwEnumerateValueKey
ZwQueryKey
ZwOpenKey
ZwEnumerateKey
wcslen
ZwQueryValueKey
RtlCompareMemory
IoRegisterFileSystem
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
ExInitializeResourceLite
MmQuerySystemSize
KeInitializeSpinLock
FsRtlCopyWrite
FsRtlCopyRead
IoCreateDevice
FsRtlLookupLargeMcbEntry
FsRtlLookupLastLargeMcbEntryAndIndex
FsRtlRemoveLargeMcbEntry
FsRtlOplockFsctrl
CcWaitForCurrentLazyWriterActivity
ObReferenceObjectByHandle
IoFileObjectType
IoBuildSynchronousFsdRequest
KeNumberProcessors
ProbeForWrite
ProbeForRead
IoDeleteDevice
ObfReferenceObject
ExIsResourceAcquiredExclusiveLite
CcCanIWrite
FsRtlPrivateLock
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
FsRtlProcessFileLock
FsRtlIsDbcsInExpression
RtlUnicodeStringToCountedOemString
RtlGenerate8dot3Name
CcMdlRead
CcCopyRead
CcSetReadAheadGranularity
FsRtlCheckLockForReadAccess
IoGetStackLimits
FsRtlPostStackOverflow
FsRtlPostPagingFileStackOverflow
ExAcquireSharedWaitForExclusive
ExIsResourceAcquiredSharedLite
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
ExDeleteResourceLite
KeInitializeDpc
KeInitializeTimer
FsRtlNotifyInitializeSync
FsRtlInitializeTunnelCache
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
RtlFreeUnicodeString
FsRtlUninitializeFileLock
FsRtlUninitializeOplock
FsRtlInitializeOplock
FsRtlInitializeFileLock
FsRtlDeleteTunnelCache
FsRtlNotifyUninitializeSync
RtlDelete
RtlSplay
RtlTimeFieldsToTime
RtlTimeToTimeFields
FsRtlBalanceReads
FsRtlRemoveMcbEntry
RtlEqualString
IoVerifyVolume
IoBuildAsynchronousFsdRequest
_local_unwind2
CcPrepareMdlWrite
FsRtlCheckLockForWriteAccess
ExAcquireSharedStarveExclusive
CcDeferWrite
CcUnpinRepinnedBcb
ExRaiseStatus
CcUnpinData
ExFreePool
_alldiv
_except_handler3
hal
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ