Static task
static1
General
Target: 29bc328e60098b434582c1b4901b74e5_JaffaCakes118
Size: 20KB
MD5: 29bc328e60098b434582c1b4901b74e5
SHA1: 2f47fbe9e7d1f7456bf4c8e138654edd01273f6c
SHA256: d6c8a5100f40c17dc7782eb27cca64a78128b6b0d312b7cf03613feb7d7ae603
SHA512: ec40fb52f4675ca4289fd0a207bb07af74f2b5f3ee90cd013788a713eb3ee4f49dd06b592f8da8ae45bf606e4644b90b770fd0926122d5cff92a40194abef75c
SSDEEP: 192:4L3Dwnh9qvQLEdZz71YRdFGnEvnu/N8VpY:CCS4LETzpHEva
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 29bc328e60098b434582c1b4901b74e5_JaffaCakes118
Files
29bc328e60098b434582c1b4901b74e5_JaffaCakes118.sys windows:5 windows x86 arch:x86
16515e02020f70e8503260409974dd9b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
MmIsAddressValid
RtlFreeAnsiString
_strupr
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
strrchr
PsGetCurrentThreadId
PsGetCurrentProcessId
strstr
PsLookupProcessByProcessId
strncpy
RtlInitUnicodeString
KeServiceDescriptorTable
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwReadFile
ZwClose
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224B - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 96B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 704B - Virtual size: 682B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 416B - Virtual size: 416B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ