Static task
static1
General
Target: 36d71293daa029237529ea376a381ed7_JaffaCakes118
Size: 41KB
MD5: 36d71293daa029237529ea376a381ed7
SHA1: cdfff183241705ed0577c652289505d4a59d42c4
SHA256: 98cba3b27aefaf76e7fab846abf112e91cee81a922da8e36e64bc94ad4d47c03
SHA512: bd3ea301f24964903a20112ab5f0058bc9111ed6108de8dda11d4c2a69cfa3e0a3e46ace205aef7c9da65b2a506068cc98d1fb9139b15fa110c1c7d038ff93ce
SSDEEP: 768:BOYdOSpERokGlhdP8GbWDcYATpZNCJnwOjdHN+jNr:JdOyEiJd0GaT8jNr
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 36d71293daa029237529ea376a381ed7_JaffaCakes118
Files
36d71293daa029237529ea376a381ed7_JaffaCakes118.sys windows:5 windows x86 arch:x86
f4d809b07dcfb0d69985f6a0316d664d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwQueryValueKey
ExAllocatePoolWithTag
ExFreePool
RtlFreeUnicodeString
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwDeleteFile
ZwOpenFile
_strupr
ExInterlockedPushEntrySList
_stricmp
strstr
ZwQueryInformationFile
memchr
atoi
sprintf
ExInterlockedPopEntrySList
strchr
memmove
IoRegisterShutdownNotification
IofCompleteRequest
strncmp
DbgPrint
ZwQuerySystemInformation
ObfDereferenceObject
IoGetDeviceObjectPointer
wcscat
rand
srand
KeQuerySystemTime
wcscpy
wcslen
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlFreeAnsiString
strncpy
ZwSetValueKey
RtlCompareUnicodeString
ObQueryNameString
KeWaitForSingleObject
KeClearEvent
InterlockedIncrement
KeSetEvent
InterlockedDecrement
ExfInterlockedRemoveHeadList
ZwSetInformationFile
ZwReadFile
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ObReferenceObjectByName
InterlockedExchange
KeInitializeSpinLock
KeInitializeEvent
ZwEnumerateValueKey
ZwDeleteValueKey
ZwDeleteKey
ZwCreateKey
KeServiceDescriptorTable
KeInitializeMutex
ExInitializeNPagedLookasideList
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
IoGetCurrentProcess
NtBuildNumber
PsGetCurrentProcessId
_except_handler3
wcsncpy
ZwQueryKey
DbgBreakPoint
strncat
KeReleaseMutex
ObReferenceObjectByHandle
ExGetPreviousMode
RtlInitUnicodeString
ZwOpenKey
RtlUnicodeStringToAnsiString
ZwClose
ExfInterlockedInsertTailList
hal
KfAcquireSpinLock
KfReleaseSpinLock
ExReleaseFastMutex
ExAcquireFastMutex
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ