Static task
static1
General
Target: 2e7bb80599baad49385ede7059323de8_JaffaCakes118
Size: 10KB
MD5: 2e7bb80599baad49385ede7059323de8
SHA1: e6adf4e664b4e42733b9f72f3733ab33992c790e
SHA256: 9ec93be16a240ef1b294b4c3439b3dd55e9a901251668b382da5c97c300e8557
SHA512: 4f19ae2ca11cd0b401ecf964fd76d7c9a8d113c1cb7af5c4f0ad4be3d3572766962dce15ffcd2f0bbe4e88bb8cb209ccae027c142abb9bd48bd820db01315501
SSDEEP: 192:T09dIlg6RXLIOd0UgiGh4DG8qupb8BU+5W5shT:2SLpKUw4Dv8BUOWKhT
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2e7bb80599baad49385ede7059323de8_JaffaCakes118
Files
2e7bb80599baad49385ede7059323de8_JaffaCakes118.sys windows:4 windows x86 arch:x86
253883e9311c9d696ec2c8a7551e399d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
RtlCompareUnicodeString
MmMapLockedPagesSpecifyCache
_wcsicmp
ObQueryNameString
ObReferenceObjectByName
IoDeviceObjectType
ExFreePool
strncpy
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwClose
ZwMapViewOfSection
ZwCreateSection
IoGetDeviceObjectPointer
_stricmp
RtlQueryRegistryValues
_except_handler3
ObfDereferenceObject
IoDriverObjectType
MmIsAddressValid
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitAnsiString
InterlockedExchange
strlen
strcpy
ZwOpenFile
IofCallDriver
hal
KeGetCurrentIrql
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 690B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 476B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ