Static task
static1
General
Target: 2e92382026212330fd39f2b6262ce345_JaffaCakes118
Size: 47KB
MD5: 2e92382026212330fd39f2b6262ce345
SHA1: 8a6f09df733006eec16302a0a1a49e6af478e231
SHA256: 6344de91922422db9d06744770c37c666c96822595ca416f3073db29f9322ce2
SHA512: c153ff88d72fa5523553f7eea3a548151f6eac0fa58526d50b6f8ff6af44fce4b930855b9c2a1b8bb59ddabe48b29f8215a5f0f0a0e5c3cdb6a118cd15d505ed
SSDEEP: 768:goDeM+ACkrg0rvS7SP3I4Dl2HIfaOxqY8iQnFQuyyR5s2HQmn6kOutmKh5RIDKNx:MjyhuClnfSQGQmni7s5RIDKNO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2e92382026212330fd39f2b6262ce345_JaffaCakes118
Files
2e92382026212330fd39f2b6262ce345_JaffaCakes118.sys windows:5 windows x86 arch:x86
5f63bccefa615bed8a97fb4b0a04921f
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
  ExUnregisterCallback
  IofCompleteRequest
  KeSetEvent
  IoDeleteDevice
  KeBugCheckEx
  PoCallDriver
  IoCancelIrp
  IoDetachDevice
  IofCallDriver
  IoFreeIrp
  ObfDereferenceObject
  IoBuildDeviceIoControlRequest
  KeWaitForSingleObject
  RtlInitAnsiString
  RtlAnsiStringToUnicodeString
  RtlAppendUnicodeStringToString
  ExAllocatePoolWithTag
  RtlCopyUnicodeString
  RtlCompareMemory
  KeQueryInterruptTime
  KeDelayExecutionThread
  IoAllocateIrp
  RtlCompareUnicodeString
  ExFreePool
  KeGetCurrentThread
  PsGetCurrentProcessId
  RtlInitUnicodeString
  KeInitializeEvent
  ZwCreateEvent
  ExFreePoolWithTag
hal
  ExAcquireFastMutex
  ExReleaseFastMutex
battc.sys
  BatteryClassIoctl
  BatteryClassStatusNotify
  BatteryClassInitializeDevice
  BatteryClassUnload
Sections
.text Size: 33KB - Virtual size: 33KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 11KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 396B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ