Static task
static1
General
Target: 2f0fbb6dfbb9c9c6f37f08255ec24638_JaffaCakes118
Size: 47KB
MD5: 2f0fbb6dfbb9c9c6f37f08255ec24638
SHA1: b0da31ea8d5939489ab87d149207cb58c06d400b
SHA256: 029e2b92bf5adf3698ef8501eb1e1e142d9da3f08058d95096a074c834334d50
SHA512: 4f8d4338b63cae471be26a93191fc7f99521150a666da108a6a12e969abddd79f861bf2989709ec84fffb5007da73fcf79e7a44a9e017f08c0ce553c58afee9c
SSDEEP: 384:YS2lw7PMOfhQnDhI74XCMKV+K83J+IiZh3Ld2dV5n2v8UhL:Kw7P/uI74yMKV8+XtQPn2v/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2f0fbb6dfbb9c9c6f37f08255ec24638_JaffaCakes118
Files
2f0fbb6dfbb9c9c6f37f08255ec24638_JaffaCakes118.sys windows:4 windows x86 arch:x86
2345b657737c4e6c074077541d62394c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlTraceDatabaseUnlock
ZwRestoreKey
NtVdmControl
RtlInsertElementGenericTable
ZwQueryVolumeInformationFile
MmMapMemoryDumpMdl
ZwUnloadDriver
FsRtlMdlReadComplete
NtAdjustPrivilegesToken
SePrivilegeObjectAuditAlarm
KeReadStateQueue
SeDeleteAccessState
Ke386IoSetAccessProcess
FsRtlMdlReadDev
RtlAddAccessAllowedAce
_itow
_vsnprintf
memchr
FsRtlSplitLargeMcb
FsRtlUninitializeFileLock
IoStartNextPacket
MmUnmapVideoDisplay
ZwCreateTimer
ZwCreateDirectoryObject
ZwQueryInformationToken
ExIsResourceAcquiredSharedLite
CcPrepareMdlWrite
NtAllocateUuids
_allshl
InbvCheckDisplayOwnership
RtlCharToInteger
RtlZeroHeap
IoRegisterFsRegistrationChange
KeRestoreFloatingPointState
InitSafeBootMode
InbvSetScrollRegion
MmForceSectionClosed
ZwUnloadDriver
KeI386MachineType
ZwYieldExecution
MmAdjustWorkingSetSize
RtlGetDaclSecurityDescriptor
RtlConvertUlongToLargeInteger
FsRtlLegalAnsiCharacterArray
LpcPortObjectType
_allshr
Kei386EoiHelper
Ke386QueryIoAccessMap
rand
RtlSelfRelativeToAbsoluteSD2
SeAccessCheck
IoCheckQuerySetVolumeInformation
ExfInterlockedPopEntryList
ExWindowStationObjectType
wcsncat
RtlInitializeSid
KeInitializeTimer
ObDereferenceObject
IoInitializeRemoveLockEx
KeInitializeTimer
isupper
SeAssignSecurityEx
IoGetStackLimits
PsRestoreImpersonation
RtlSelfRelativeToAbsoluteSD
CcMdlReadComplete
SeSetSecurityDescriptorInfo
RtlNumberGenericTableElements
KeSetTimeIncrement
FsRtlCheckLockForReadAccess
hal
KeRaiseIrqlToSynchLevel
HalClearSoftwareInterrupt
IoWritePartitionTable
KeGetCurrentIrql
KeQueryPerformanceCounter
KeReleaseSpinLock
HalGetEnvironmentVariable
KeAcquireQueuedSpinLock
HalReturnToFirmware
KeTryToAcquireQueuedSpinLock
HalSetTimeIncrement
HalGetEnvironmentVariable
HalAllocateCrashDumpRegisters
KeAcquireQueuedSpinLockRaiseToSynch
IoReadPartitionTable
HalHandleNMI
HalSystemVectorDispatchEntry
READ_PORT_BUFFER_USHORT
HalSetBusData
KeReleaseQueuedSpinLock
HalSystemVectorDispatchEntry
HalGetBusData
IoWritePartitionTable
KeStallExecutionProcessor
IoSetPartitionInformation
HalSetTimeIncrement
HalQueryRealTimeClock
HalInitSystem
HalReportResourceUsage
HalQueryRealTimeClock
ExReleaseFastMutex
KdComPortInUse
KfLowerIrql
KfReleaseSpinLock
HalSetProfileInterval
IoReadPartitionTable
KeAcquireQueuedSpinLockRaiseToSynch
KeAcquireQueuedSpinLockRaiseToSynch
IoWritePartitionTable
HalSystemVectorDispatchEntry
HalGetInterruptVector
KeAcquireSpinLockRaiseToSynch
WRITE_PORT_BUFFER_USHORT
KeStallExecutionProcessor
HalTranslateBusAddress
KeRaiseIrqlToSynchLevel
HalSetTimeIncrement
ExAcquireFastMutex
READ_PORT_USHORT
HalSetTimeIncrement
HalEndSystemInterrupt
ExReleaseFastMutex
READ_PORT_ULONG
ExReleaseFastMutex
ExReleaseFastMutex
KeStallExecutionProcessor
IoWritePartitionTable
HalSetDisplayParameters
HalSetProfileInterval
IoMapTransfer
HalSetProfileInterval
READ_PORT_BUFFER_ULONG
ExAcquireFastMutex
HalInitializeProcessor
IoSetPartitionInformation
IoFreeMapRegisters
HalAllProcessorsStarted
HalMakeBeep
KfAcquireSpinLock
KdComPortInUse
HalRequestIpi
HalEndSystemInterrupt
IoReadPartitionTable
HalSystemVectorDispatchEntry
IoFlushAdapterBuffers
IoReadPartitionTable
HalTranslateBusAddress
READ_PORT_ULONG
KeRaiseIrqlToDpcLevel
WRITE_PORT_UCHAR
HalReportResourceUsage
IoMapTransfer
HalAssignSlotResources
HalMakeBeep
KeFlushWriteBuffer
HalMakeBeep
HalAcquireDisplayOwnership
KfReleaseSpinLock
KeAcquireSpinLock
HalCalibratePerformanceCounter
HalHandleNMI
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ