Static task
static1
General
Target: 2e84eb18096c58fc8c1cbf8ddfee4853_JaffaCakes118
Size: 47KB
MD5: 2e84eb18096c58fc8c1cbf8ddfee4853
SHA1: 9293cee5d00a143271a370f97018d865755205ae
SHA256: 3f6fad9c70b726a18f4a4ee530a9a1e4be67df6f04e2f47d627ac67c215c4485
SHA512: 805ffc609aedae3fa0f750a9e2bb4283270557e29f115989077e412834fc93f46a610eb99aebbaa944af6704f1a400baeeac7093015b1c0bbcf1632b89de8097
SSDEEP: 384:5VOpVmTYx/WzJk12PBOQCh3c8Ihuz95u+ns4aJoBJd2diOmdu:5VcN4OFM8tm4aJoBzQKu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2e84eb18096c58fc8c1cbf8ddfee4853_JaffaCakes118
Files
2e84eb18096c58fc8c1cbf8ddfee4853_JaffaCakes118.sys windows:4 windows x86 arch:x86
00f2753fba5dceefc01c25cd43f9a20a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetCurrentProcessId
RtlSetTimeZoneInformation
ZwUnloadKey
KdPollBreakIn
Exfi386InterlockedDecrementLong
RtlDecompressFragment
FsRtlRemoveLargeMcbEntry
NtReadFile
ZwResetEvent
CcScheduleReadAhead
ZwSetSystemTime
KeI386FlatToGdtSelector
RtlLargeIntegerShiftLeft
ExEventObjectType
RtlCreateRegistryKey
MmMapLockedPages
InterlockedCompareExchange
KdPollBreakIn
KiIpiServiceRoutine
ObCreateObject
PsEstablishWin32Callouts
IoStartPacket
NtQuerySecurityObject
FsRtlInitializeTunnelCache
ZwOpenProcess
ExQueueWorkItem
SeAccessCheck
ExReleaseResourceForThreadLite
SePrivilegeCheck
RtlLargeIntegerArithmeticShift
vsprintf
IoInitializeIrp
RtlUshortByteSwap
KeInitializeMutex
SeReleaseSecurityDescriptor
FsRtlLookupLargeMcbEntry
MmProbeAndLockPages
IoCreateNotificationEvent
SeFreePrivileges
_strset
IoCreateSynchronizationEvent
IoIsSystemThread
KeInsertQueueApc
RtlTimeToSecondsSince1970
KeSetTimeIncrement
IoStartNextPacket
KeSetTimer
towlower
RtlUnicodeStringToOemSize
FsRtlInitializeTunnelCache
PsChargePoolQuota
ZwCreateSection
RtlGetAce
FsRtlMdlReadComplete
ExfInterlockedPopEntryList
RtlNtStatusToDosError
KeInitializeMutant
IoSetThreadHardErrorMode
ZwSetSystemTime
RtlGetFirstRange
FsRtlNotifyFullReportChange
RtlEqualString
IofCallDriver
RtlCopyRangeList
RtlFindMessage
KeStackAttachProcess
IoFreeIrp
SeRegisterLogonSessionTerminatedRoutine
NtNotifyChangeDirectoryFile
RtlTimeToTimeFields
ExAcquireSharedStarveExclusive
RtlAreAllAccessesGranted
KeInitializeSemaphore
MmSetAddressRangeModified
KeInsertHeadQueue
NtQueryDirectoryFile
NtAllocateVirtualMemory
hal
HalAllocateCommonBuffer
IoFreeMapRegisters
WRITE_PORT_BUFFER_ULONG
HalGetEnvironmentVariable
HalSetEnvironmentVariable
HalSystemVectorDispatchEntry
IoMapTransfer
HalMakeBeep
IoWritePartitionTable
READ_PORT_BUFFER_USHORT
IoReadPartitionTable
WRITE_PORT_UCHAR
HalReadDmaCounter
HalClearSoftwareInterrupt
HalSetBusData
WRITE_PORT_ULONG
HalReadDmaCounter
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalMakeBeep
KfReleaseSpinLock
HalRequestIpi
WRITE_PORT_BUFFER_UCHAR
KeGetCurrentIrql
KeAcquireQueuedSpinLockRaiseToSynch
HalInitSystem
HalAcquireDisplayOwnership
IoFreeMapRegisters
KeLowerIrql
WRITE_PORT_ULONG
HalReturnToFirmware
IoFreeMapRegisters
KeStallExecutionProcessor
IoFreeMapRegisters
WRITE_PORT_UCHAR
KfRaiseIrql
IoSetPartitionInformation
HalHandleNMI
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_ULONG
HalAllocateCrashDumpRegisters
HalAllocateCrashDumpRegisters
HalInitSystem
READ_PORT_BUFFER_UCHAR
KeGetCurrentIrql
IoFlushAdapterBuffers
HalSetBusDataByOffset
KeReleaseQueuedSpinLock
KeReleaseSpinLock
HalReportResourceUsage
KeReleaseQueuedSpinLock
KeAcquireQueuedSpinLockRaiseToSynch
WRITE_PORT_BUFFER_USHORT
HalReportResourceUsage
HalSetBusData
HalQueryRealTimeClock
READ_PORT_ULONG
READ_PORT_ULONG
HalSetBusDataByOffset
HalSetTimeIncrement
HalCalibratePerformanceCounter
HalGetBusDataByOffset
HalSetTimeIncrement
HalInitializeProcessor
KfRaiseIrql
READ_PORT_USHORT
HalHandleNMI
HalMakeBeep
READ_PORT_UCHAR
HalAssignSlotResources
HalQueryRealTimeClock
ExReleaseFastMutex
HalAssignSlotResources
HalReturnToFirmware
IoReadPartitionTable
HalAllocateAdapterChannel
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ