Static task
static1

General
Target: 2c965739bd89c08ea54d886e5babbf7a_JaffaCakes118
Size: 77KB
MD5: 2c965739bd89c08ea54d886e5babbf7a
SHA1: 8cb89dd3bdd2a586fef4d319ee1335ef62c534b7
SHA256: 579989ee80b64d29aedf108a93ad5efe1f1ece2d331a737278d8a51d43673a32
SHA512: 286cefee71c43713babd15e939aea4e91f24edd23bd0e4e2e67a24ce6914f6cba689d103b356b141362c908ef360ea7cf72e6133f4cbda4837d0380502e82511
SSDEEP: 1536:tsgE1RjIUOFlRze9Bk7gwS1Ulam9q/rJLwoJYF7YSf:tchOFlRzekgdm4T9x

Malware Config
No configuration was extracted.
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the image has no embedded signature (empty security data directory).
resource 2c965739bd89c08ea54d886e5babbf7a_JaffaCakes118
Caveat for triage: this is a 64-bit kernel driver (.sys). On x64 Windows with Driver Signature Enforcement active an unsigned driver cannot be loaded through the normal service path, so if it runs at all on a victim it runs alongside test-signing mode, a disabled DSE, a vulnerable signed loader driver, or a stolen or leaked certificate applied by a dropper; none of those is visible from the static report alone.
Files
2c965739bd89c08ea54d886e5babbf7a_JaffaCakes118.sys (windows:6, windows x64, arch:x64)
Import hash (imphash): 716430212679e92780d159fab4fe5f94
What the import table below establishes: the driver registers as a file system minifilter (FltRegisterFilter, FltStartFiltering) with a user-mode communication port (FltCreateCommunicationPort, FltCloseClientPort), resolves file names and matches them against wildcard expressions (FltGetFileNameInformation, FsRtlIsNameInExpression) and can deny opens from a post-create callback (FltCancelFileOpen), installs process and thread creation callbacks (PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine), and maps locked physical pages into a fresh virtual mapping (IoAllocateMdl, MmProbeAndLockPages, MmMapLockedPagesSpecifyCache), which is how kernel code commonly obtains a writable alias of read-only memory. The imports describe capabilities, not observed behaviour; only a dynamic run or disassembly shows how they are used.
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
RtlCompareUnicodeString
RtlCopyUnicodeString
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
PsLookupProcessByProcessId
KeResetEvent
IoIs32bitProcess
KeWaitForSingleObject
ExAcquireResourceSharedLite
KeDelayExecutionThread
PsCreateSystemThread
PsTerminateSystemThread
ZwClose
KeBugCheckEx
RtlAppendUnicodeToString
strstr
strncmp
PsGetCurrentProcessId
PsGetCurrentThreadId
RtlFreeAnsiString
_vsnprintf
FsRtlIsNameInExpression
RtlUnicodeStringToAnsiString
IoThreadToProcess
ExDeleteNPagedLookasideList
ExInitializeResourceLite
ObfDereferenceObject
ExDeleteResourceLite
ExReleaseResourceLite
IoGetCurrentProcess
wcsstr
IoVolumeDeviceToDosName
KeEnterCriticalRegion
PsSetCreateProcessNotifyRoutine
PsSetCreateThreadNotifyRoutine
KeInitializeEvent
RtlInitUnicodeString
PsRemoveCreateThreadNotifyRoutine
ExInitializeNPagedLookasideList
KeLeaveCriticalRegion
ExFreePoolWithTag
ExAllocatePoolWithTag
KeSetEvent
ExAcquireResourceExclusiveLite
__C_specific_handler
_local_unwind
DbgPrint
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
fltmgr.sys
FltParseFileNameInformation
FltReleaseFileNameInformation
FltGetFileNameInformation
FltIsDirectory
FltCancelFileOpen
FltSetVolumeContext
FltStartFiltering
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltGetVolumeName
FltCloseCommunicationPort
FltUnregisterFilter
FltAllocateContext
FltReleaseContext
FltFreeSecurityDescriptor
FltGetVolumeProperties
FltGetDiskDeviceObject
FltCreateCommunicationPort
FltCloseClientPort
FltGetVolumeContext
hal
HalMakeBeep
Sections
Name    Size    Virtual size  Characteristics
.text   28KB    27KB          IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  6KB     5KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   1KB     12KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  1KB     1KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
PAGE    8KB     8KB           IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
INIT    3KB     3KB           IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   1024B   944B          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.vmp0   512B    336B          IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.vmp1   5KB     4KB           IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
.vmp2   19KB    18KB          IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  1KB     1KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ

Notes on the section table: .vmp0, .vmp1 and .vmp2 are the section names VMProtect adds, so disassembly of the code will hit virtualised or obfuscated routines. Two sections, INIT and .vmp2, are mapped both writable and executable (a stock MSVC-linked driver's INIT is discardable and read-only), and .vmp1 is marked executable without IMAGE_SCN_MEM_READ. Both are worth flagging in any automated scoring of driver images.