Static task
static1
General
-
Target
2e763ea85e77e32f587c136a553c46ad_JaffaCakes118
-
Size
40KB
-
MD5
2e763ea85e77e32f587c136a553c46ad
-
SHA1
0a423f72d412e060c604a51f93e8227780202b3a
-
SHA256
08b04a766b699bb3164041e83e541a9ee34ad8651ea1b6cb194dafe545decc81
-
SHA512
bf780d5630e8d599ad4931e250b57160d3ee5b74638fa03e02cf64080adcb1d1eda37c54ecdeca435da9608a49557c0f052101f09b2699e297eeeca2d7db7011
-
SSDEEP
768:ld19MR/j8BeshuEOkiZkpa5vqYnbKKp2Q1n4b8z5/eqtG:vMR/joeuheWpa55nMQ1m8ZG
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The PE image carries no Authenticode signature.
resource 2e763ea85e77e32f587c136a553c46ad_JaffaCakes118
Files
-
2e763ea85e77e32f587c136a553c46ad_JaffaCakes118.sys windows:4 windows x86 arch:x86
a7a7f4352d9606036607a1e11da56be8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwSetValueKey
_snwprintf
wcsncpy
wcslen
wcschr
strncmp
ZwClose
ZwOpenKey
RtlInitUnicodeString
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
wcsrchr
swprintf
ZwQueryValueKey
_except_handler3
ExFreePool
_snprintf
ExAllocatePoolWithTag
PsCreateSystemThread
_wcsicmp
ZwCreateKey
KeQuerySystemTime
IoRegisterDriverReinitialization
ZwSetInformationFile
ZwCreateFile
wcscpy
_stricmp
wcsstr
_wcslwr
strncpy
IoGetCurrentProcess
KeDelayExecutionThread
PsGetVersion
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
wcscat
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
IoDeviceObjectType
ZwDeleteKey
_wcsnicmp
RtlCopyUnicodeString
PsLookupProcessByProcessId
KeTickCount
KeQueryTimeIncrement
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 69B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ