Static task
static1
General
Target
3051177b1d2185f97e6b3c67cdcc52d8_JaffaCakes118
Size
72KB
MD5
3051177b1d2185f97e6b3c67cdcc52d8
SHA1
5e3ce8ec55ce4948a8059292681b8d44e541f35b
SHA256
0963f22e51067f30860f919a2b36e335766c3f597ced45f42a91573b013bbad2
SHA512
40b5d4efbcb077695ba6607c2a7ffedb22f7236b19c0acb9c905e33ff4044f375acfc604024fc656c5ba078f097d43471090b2703fc5efbb033d4b12aeb75de9
SSDEEP
1536:F4HF6cUmiGsDziQSyXhtFYAi/pbA05zrOEJm2Ot:FOF6RmUDvNXhtFYAi/5AMXJlOt
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 3051177b1d2185f97e6b3c67cdcc52d8_JaffaCakes118
Files
3051177b1d2185f97e6b3c67cdcc52d8_JaffaCakes118.sys windows:5 windows x86 arch:x86
420fd6a2b674a6c662d210dc6cceceac
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePoolWithTag
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
MmIsDriverVerifying
MmLockPagableDataSection
DbgBreakPoint
MmUnlockPagableImageSection
ZwQueryVolumeInformationFile
IoBuildDeviceIoControlRequest
IoCancelIrp
MmBuildMdlForNonPagedPool
IoGetCurrentProcess
memmove
IoGetTopLevelIrp
KeTickCount
KeWaitForMultipleObjects
MmMapLockedPagesSpecifyCache
KeClearEvent
KeInitializeSemaphore
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeReleaseSemaphore
ProbeForRead
ProbeForWrite
KeQueryInterruptTime
ZwUnloadDriver
ZwLoadDriver
MmIsNonPagedSystemAddressValid
ExRaiseStatus
IoAllocateMdl
MmProbeAndLockPages
RtlCompareMemory
IoReuseIrp
IoAllocateIrp
ZwEnumerateKey
KeInitializeTimer
KeInitializeDpc
IoGetDeviceObjectPointer
KeSetTimerEx
MmQuerySystemSize
MmIsThisAnNtAsSystem
ExDeleteResourceLite
IoGetAttachedDeviceReference
IoDeleteSymbolicLink
MmPageEntireDriver
MmGetSystemRoutineAddress
ZwOpenKey
ZwQueryValueKey
IofCallDriver
IofCompleteRequest
ExInitializeResourceLite
IoSetTopLevelIrp
ZwCreateFile
ObReferenceObjectByHandle
IoGetRelatedDeviceObject
ZwClose
KeInitializeSpinLock
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExAcquireResourceExclusiveLite
SeSinglePrivilegeCheck
KeDelayExecutionThread
IoFreeIrp
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
KeBugCheckEx
IoGetStackLimits
ObfReferenceObject
MmUnlockPages
IoFreeMdl
ExGetPreviousMode
KeSetEvent
KeWaitForSingleObject
RtlEqualUnicodeString
ExQueueWorkItem
IoDetachDevice
KeInitializeEvent
IoCreateDevice
IoDeleteDevice
ExReleaseResourceLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ObfDereferenceObject
RtlCompareUnicodeString
KeGetCurrentThread
IoCreateSymbolicLink
RtlInitUnicodeString
ExAllocatePoolWithTag
hal
KfRaiseIrql
ExReleaseFastMutex
KeGetCurrentIrql
KfLowerIrql
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 550B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ