Static task
static1

General
Target: 2b02556466a92d7d8df4abd5e0a5c801_JaffaCakes118
Size: 29KB
MD5: 2b02556466a92d7d8df4abd5e0a5c801
SHA1: 43e3ed00725d919b92bd543cc2428e40e9c477d3
SHA256: 08d14ed3e8df81344b4338a43a9b1e6938b63c3766c7cd3dabc5690b38056cb5
SHA512: e4434ff08d042385e89755ed16c6ad12f136caa0871bc251e6e457d269e76ba11146516bada884ee4b52563adfa6b22a298876df88889dc65d133dffd190d50a
SSDEEP: 192:L7vquJOnvVpXAk8OnOMNu/CO/SXAsBoZoyftd4dbd5IZqi0rKc:P2vVj1NO/MWZoTIZqi0u

Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2b02556466a92d7d8df4abd5e0a5c801_JaffaCakes118

Files
2b02556466a92d7d8df4abd5e0a5c801_JaffaCakes118.sys windows:6 windows x86 arch:x86
fe701b2b4380ec9fff5f898dc74533e5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe:
  IoGetCurrentProcess
  strncmp
  ObfDereferenceObject
  PsLookupProcessByProcessId
  PsGetCurrentProcessId
  ObOpenObjectByPointer
  ExFreePoolWithTag
  ObReferenceObjectByHandle
  KeSetEvent
  KeGetCurrentThread
  KeServiceDescriptorTable
  memcpy
  IoDeleteDevice
  IoDeleteSymbolicLink
  _strnicmp
  PsSetCreateProcessNotifyRoutine
  ExAllocatePoolWithTag
  IoCreateSymbolicLink
  IoCreateDevice
  memset
  RtlCompareMemory
  RtlAppendUnicodeToString
  RtlAppendUnicodeStringToString
  ZwClose
  ProbeForRead
  KeWaitForSingleObject
  memmove
  KeTickCount
  KeBugCheckEx
  IofCompleteRequest
  RtlInitUnicodeString
  KeInitializeEvent
  RtlUnwind
hal:
  ExAcquireFastMutex
  ExReleaseFastMutex
Sections
.text Size: 8KB - Virtual size: 7KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 348B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 18KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 1016B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 986B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ