Static task
static1
General
Target
2e2275e5d117d71a4208dd36da8f3a6e_JaffaCakes118
Size
37KB
MD5
2e2275e5d117d71a4208dd36da8f3a6e
SHA1
eb012689dfcdc60e9d2d22b5d436c721c0673bc8
SHA256
21a1cfacb5730c9b0d8a786b332601cfb4abee8f6c723adf4d2350f1d7e62418
SHA512
e39954793bb9e494690ece81930813671328fd84f4969252e517bb08daf86f305e59fb13234a35eb14a0c9809af40c4560ffeb6b564af21204a2ef17e64eea05
SSDEEP
768:n3Y0LCvVYFFPDHrv8CBr4xCh+yRADqX9RFzd:nk94PDL9rV7OD0Dz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2e2275e5d117d71a4208dd36da8f3a6e_JaffaCakes118
Files
2e2275e5d117d71a4208dd36da8f3a6e_JaffaCakes118.sys windows:5 windows x86 arch:x86
984d5bb3d5de1148f0ca237ef08994fd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExUnregisterCallback
IofCompleteRequest
KeSetEvent
IoDeleteDevice
KeBugCheckEx
PoCallDriver
IoCancelIrp
IoDetachDevice
IofCallDriver
IoFreeIrp
ObfDereferenceObject
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlCompareMemory
KeQueryInterruptTime
IoAllocateIrp
RtlCompareUnicodeString
ExFreePool
KeGetCurrentThread
PsGetCurrentProcessId
RtlInitUnicodeString
KeInitializeEvent
ZwCreateEvent
ExFreePoolWithTag
hal
ExAcquireFastMutex
ExReleaseFastMutex
battc.sys
BatteryClassIoctl
BatteryClassStatusNotify
BatteryClassInitializeDevice
BatteryClassUnload
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 768B - Virtual size: 744B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 384B - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ