Static task
static1
General
-
Target
33609a2e191f6e96de1799d0cd286aef_JaffaCakes118
-
Size
40KB
-
MD5
33609a2e191f6e96de1799d0cd286aef
-
SHA1
a41903aa128b90898f520be2778e8680227b5935
-
SHA256
971a5fd790533c6b13e76a715a98f729c7b0b6eadeb642b7953e17922c6f4479
-
SHA512
62c895d65fab1f840c43ed4c51aa220266bc838956dcf86f67eaac480917716da6b7381354f64a449473ac90894e584981b9d91c507e50f1e6a96d45a907c00e
-
SSDEEP
768:4s4zFQPkCXOxYc4NxAzCaxUKNMqgWeuWH1jgkggB37i8uBJqcbp/LZ:4spLeKiCwnMXVuWH1JgyduBJhLZ
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that carries no Authenticode signature; the matched resource is listed below.
resource 33609a2e191f6e96de1799d0cd286aef_JaffaCakes118
Files
-
33609a2e191f6e96de1799d0cd286aef_JaffaCakes118.sys windows:4 windows x86 arch:x86
c6120ecc98eb62d0a3e38ef7cbb7bd88
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
MmIsAddressValid
RtlInitUnicodeString
KeTickCount
KeQueryTimeIncrement
_stricmp
wcslen
ZwCreateKey
swprintf
wcsncpy
wcsrchr
ZwClose
ZwOpenKey
strncmp
IoGetCurrentProcess
ZwSetValueKey
ZwQueryValueKey
_except_handler3
RtlCopyUnicodeString
wcsstr
_wcslwr
IoRegisterDriverReinitialization
KeDelayExecutionThread
KeQuerySystemTime
ZwSetInformationFile
ZwCreateFile
wcscpy
PsGetVersion
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
_snwprintf
wcschr
ObReferenceObjectByHandle
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
_wcsnicmp
wcscat
_wcsicmp
PsSetCreateProcessNotifyRoutine
ZwDeleteKey
MmGetSystemRoutineAddress
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snprintf
IoDeviceObjectType
strncpy
PsLookupProcessByProcessId
PsCreateSystemThread
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 59B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ