Static task
static1
General
-
Target
32953c5dd399338ba029037a4e0b9406_JaffaCakes118
-
Size
40KB
-
MD5
32953c5dd399338ba029037a4e0b9406
-
SHA1
ea7d68a32b23b5e1305808136eba105a3d959a3b
-
SHA256
27f919c096b9d9f148f4d5d70f01249df0063e652d0748db51b17db4156a9e96
-
SHA512
dea960871b25632276fbe8f2662e190620525a46aa987449d6eff473c9204ccc0282f84c3e0667debd5b3dd04294316594f8e7f84890770e8509afee56de3126
-
SSDEEP
768:kEUDc+zilB72f+7rFDDPigSPD604Gk1VpvrspvZXyFBBsGnRQVnqpoQ:kEccbCCZYDaGkjKbCFpRQVnqpo
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature; this rule matched the sample, so the driver is unsigned.
resource 32953c5dd399338ba029037a4e0b9406_JaffaCakes118
Files
-
32953c5dd399338ba029037a4e0b9406_JaffaCakes118.sys windows:4 windows x86 arch:x86
43051ce98a35366a286147b6be6f7780
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
_wcsicmp
wcsstr
_wcslwr
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
strncmp
IoGetCurrentProcess
swprintf
IoRegisterDriverReinitialization
wcslen
wcscat
wcscpy
_except_handler3
_snwprintf
ExAllocatePoolWithTag
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
ExFreePool
_snprintf
ZwSetValueKey
ObReferenceObjectByHandle
ZwCreateKey
wcsncpy
wcsrchr
strncpy
PsLookupProcessByProcessId
_stricmp
RtlAnsiStringToUnicodeString
ZwCreateFile
_wcsnicmp
MmIsAddressValid
RtlCompareUnicodeString
MmGetSystemRoutineAddress
ZwDeleteKey
KeTickCount
KeQueryTimeIncrement
wcschr
RtlCopyUnicodeString
KeQuerySystemTime
PsGetVersion
IoDeviceObjectType
KeDelayExecutionThread
PsSetCreateProcessNotifyRoutine
ZwSetInformationFile
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 83B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ