Static task
static1
General
-
Target
29ff4bd988c4514592c9159035416740_JaffaCakes118
-
Size
41KB
-
MD5
29ff4bd988c4514592c9159035416740
-
SHA1
93c4408513455e0292c33a7de92122be4ab107e0
-
SHA256
8f3421b162da2786ad45d0e5d4376a4252d151969e6d1ca76d8e30dfe3778fc6
-
SHA512
2d7b7f70e514e7c50c025f6ee0fecf85db4050f668addc78eb352ac30c227dda30fcfc77c59dda8964205b6a36530d6f1adf2dad4750c1eceea2a5678c40ebf0
-
SSDEEP
768:30J0+E3AGPAJYXwZgD+/ql0eIHJdKJdYp05YmThq1vAyu1mx:kJS3toDZgD+CldIHJgJK0Omhq1vI1i
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE image lacks an Authenticode signature.
resource 29ff4bd988c4514592c9159035416740_JaffaCakes118
Files
-
29ff4bd988c4514592c9159035416740_JaffaCakes118.sys windows:4 windows x86 arch:x86
96d5d4ee4c1c3b7e00d8a9f3affa81b1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwSetValueKey
ObReferenceObjectByHandle
ZwClose
ZwOpenKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
swprintf
_wcsnicmp
wcslen
KeDelayExecutionThread
KeQuerySystemTime
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
strncpy
IoGetCurrentProcess
MmIsAddressValid
IoDeviceObjectType
RtlCompareUnicodeString
ZwQueryValueKey
PsLookupProcessByProcessId
_stricmp
wcsncpy
PsGetVersion
wcsstr
_wcslwr
_except_handler3
wcscat
wcscpy
_wcsicmp
ZwDeleteKey
ObfDereferenceObject
wcsrchr
ZwCreateFile
ExFreePool
_snprintf
ExAllocatePoolWithTag
IoRegisterDriverReinitialization
_snwprintf
wcschr
PsCreateSystemThread
strncmp
IofCompleteRequest
KeTickCount
KeQueryTimeIncrement
RtlCopyUnicodeString
ZwCreateKey
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwSetInformationFile
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 57B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ