Static task
static1
General
Target
2f66b8605f18bb6c6d014c90149c4d5d_JaffaCakes118
Size
40KB
MD5
2f66b8605f18bb6c6d014c90149c4d5d
SHA1
975e5021f6a07129e3e6cb79c4692e982217634c
SHA256
5fce47c5e6654fb0a9f988d9bb62c1bac01cf2ced445562b9d23f77e10ab777d
SHA512
6d367be4344d425f59251045bf98ae3f0b1244f4efb388203164cf07b0dee2861598fd5199ec2e0172726f6081429a3ae75046387f90aa2f671fb87e403ebfce
SSDEEP
768:KtWGdNuRQvR89b374DU255Q/aTjZwW1Bf7JCDBi//EjPZjG6C0AC5mGO8UIGY6uF:KMANIQvR89b374Db6aOWv7JMB6/CPZyL
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the PE file carries no embedded code-signing certificate.
resource 2f66b8605f18bb6c6d014c90149c4d5d_JaffaCakes118
Files
2f66b8605f18bb6c6d014c90149c4d5d_JaffaCakes118.sys windows:4 windows x86 arch:x86
f501465bedc4566451a95df2cca1c5f8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
ExAllocatePoolWithTag
ZwClose
ObfDereferenceObject
_wcsnicmp
wcslen
KeQuerySystemTime
RtlInitUnicodeString
_snwprintf
wcsncpy
wcschr
RtlCompareUnicodeString
ZwOpenKey
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
PsCreateSystemThread
swprintf
_stricmp
wcsstr
_wcslwr
strncpy
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
ZwDeleteKey
ObReferenceObjectByHandle
wcsrchr
ZwSetValueKey
strncmp
IoRegisterDriverReinitialization
ZwCreateKey
MmGetSystemRoutineAddress
RtlCopyUnicodeString
IoDeviceObjectType
wcscat
wcscpy
_wcsicmp
_except_handler3
ZwCreateFile
RtlAnsiStringToUnicodeString
IofCompleteRequest
KeTickCount
KeQueryTimeIncrement
_snprintf
KeDelayExecutionThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwSetInformationFile
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 66B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ