Static task
static1
General
Target
30f711b8b054cfa565e1df9a71980f7b_JaffaCakes118
Size
30KB
MD5
30f711b8b054cfa565e1df9a71980f7b
SHA1
f279ccdfd32279b9aed52897a53a4538f51117b8
SHA256
61c62813cd2bc8ff52ff7042b6ddc3548e22b7364665a153e27793c26fbe20d3
SHA512
4b88d418091ecda21b953f1fd687b03adbb8c3965e25d8ee5cdbdc6468845b5720c6fd5b5412eb246f1c6d9c72da497d6737089575dd328f6733b354cb623f85
SSDEEP
768:H4S4pG0Lsy8zYnMmupXw8burkSvWrENd/nhd:f4k0QbzBlXw8ydWrE/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 30f711b8b054cfa565e1df9a71980f7b_JaffaCakes118
Files
30f711b8b054cfa565e1df9a71980f7b_JaffaCakes118.sys windows:5 windows x86 arch:x86
771002f120d45d58651f3eb7dd5a2bd7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
IofCompleteRequest
IoGetCurrentProcess
_strnicmp
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
wcsncmp
towlower
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
strncmp
PsGetVersion
strncpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 810B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ