Static task
static1

General
Target: 323951c5d56dc5e0ee59ab79785d6838_JaffaCakes118
Size: 823KB
MD5: 323951c5d56dc5e0ee59ab79785d6838
SHA1: c608d6f50627510fea1bd591634471e8932183d3
SHA256: 2ba2facac5ca50e42ed4e8b0f6d271240d181e975e24331d73229aec066cbb28
SHA512: f3b2d240a164094b440c840097d900eb0379f65541d61352f3ed05db5f8d7813966c7ff86bd3260438df27b6b69cb0f7868dc7fa5cb1b31bd908af952e625949
SSDEEP: 12288:L/XhwQBjbJdHq7wA3Ske0xYRog+grf0lRpUQK7/S8oIznWAWIjePABH8q1H0Ie0n:NB3zq0A7Go9HlIQK7a8pq18KABpcHCP
Malware Config

Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 323951c5d56dc5e0ee59ab79785d6838_JaffaCakes118

Files
323951c5d56dc5e0ee59ab79785d6838_JaffaCakes118.sys windows:4 windows x86 arch:x86
87b5e5b146d2e5c6fed777ce4e03037b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
sprintf
ZwQuerySystemInformation
ExFreePoolWithTag
ZwWriteFile
RtlUpcaseUnicodeStringToCountedOemString
IoAllocateAdapterChannel
_wcsnicmp
FsRtlDissectDbcs
MmHighestUserAddress
ZwUnloadDriver
FsRtlMdlRead
ExAllocatePoolWithQuotaTag
MmPageEntireDriver
IoCreateDevice
RtlCaptureContext
KeUserModeCallback
RtlUpcaseUnicodeChar
READ_REGISTER_BUFFER_USHORT
FsRtlMdlReadComplete
RtlTraceDatabaseValidate
ZwCreateKey
wcsstr
ExAllocatePoolWithQuota
LdrFindResourceDirectory_U
RtlCaptureStackBackTrace
KeCancelTimer
ZwCreateEvent
IoStartNextPacketByKey
KeRaiseUserException
KeQueryPriorityThread
IoGetDeviceProperty
FsRtlNotifyInitializeSync
ZwTerminateProcess
IoSetShareAccess
FsRtlBalanceReads
KePulseEvent
RtlCreateRegistryKey
SeTokenIsAdmin
KeI386GetLid
RtlLargeIntegerAdd
PoUnregisterSystemState
MmDisableModifiedWriteOfSection
PoRegisterSystemState
IoDeleteDevice
IoDisconnectInterrupt
KdDisableDebugger
IoAllocateIrp
CcIsThereDirtyData
RtlUshortByteSwap
InterlockedExchangeAdd
IoReportResourceForDetection
CcCopyRead
KeNumberProcessors
PoSetHiberRange
IoWMIWriteEvent
KeSetKernelStackSwapEnable
MmAllocateContiguousMemory
CcUnpinData
ZwSetInformationFile
vsprintf
ExInterlockedPopEntrySList
ExInitializeZone
PsSetProcessPriorityByClass
RtlFormatCurrentUserKeyPath
FsRtlNotifyVolumeEvent
PoCallDriver
KeUnstackDetachProcess
IoWMISuggestInstanceName
MmMapViewInSystemSpace
ZwOpenFile
RtlValidSid
mbstowcs
ZwAdjustPrivilegesToken
IoReportDetectedDevice
RtlDelete
FsRtlPrivateLock
IoCreateSymbolicLink
IoBuildPartialMdl
ExInterlockedInsertHeadList
SeCloseObjectAuditAlarm
KeAddSystemServiceTable
MmSecureVirtualMemory
FsRtlFindInTunnelCache
KeLoaderBlock
ExGetPreviousMode
IoStartNextPacket
ZwClearEvent
RtlGetElementGenericTable
RtlPrefetchMemoryNonTemporal
READ_REGISTER_ULONG
KeSetBasePriorityThread
LdrEnumResources
ZwCancelIoFile
RtlConvertSidToUnicodeString
RtlConvertLongToLargeInteger
NtRequestPort
ExIsResourceAcquiredExclusiveLite
ZwDeleteValueKey
ZwOpenDirectoryObject
NtSetInformationFile
CcWaitForCurrentLazyWriterActivity
srand
IoCreateStreamFileObject
RtlSelfRelativeToAbsoluteSD
NtCreateSection
READ_REGISTER_BUFFER_UCHAR
KeRestoreFloatingPointState
IoSetInformation
Sections
.text Size: 385KB - Virtual size: 384KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 458B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 419KB - Virtual size: 418KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ