Static task
static1
General
-
Target
3453fe2efe2eeda0048b39b4fc9eb608_JaffaCakes118
-
Size
40KB
-
MD5
3453fe2efe2eeda0048b39b4fc9eb608
-
SHA1
62f34e8b12026220a23f8221bddbe5ac96cd0f4c
-
SHA256
3570aa36d3732e076001836f46fc95d36bb27afd983ed4c937cbb56f6ff367be
-
SHA512
0d4462c3e0f9e309324a5b5d62e188ff7a51ffc47188bc4ea07d19b784b4d74ca14a164544fcf57446fd2de4c90d05a0a6d11892a8be6e51c8a76bd1a11fa33a
-
SSDEEP
768:r2xQg7PqD7cALSdUJefnpyhbPOoHjgOK3e3gypC7YSr5iXcr8idlt92:rklo7rLXwfnpyFtshYgys7F518idlt92
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample is a Windows x86 kernel-mode driver (.sys) with no embedded Authenticode signature; note that this static check only detects an embedded signature and cannot see catalog-based signing, so confirm with signtool or Get-AuthenticodeSignature before treating the driver as definitively unsigned.
resource 3453fe2efe2eeda0048b39b4fc9eb608_JaffaCakes118
Files
-
3453fe2efe2eeda0048b39b4fc9eb608_JaffaCakes118.sys windows:4 windows x86 arch:x86
f74736f368b564e1251deb465f55f40a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
PsLookupProcessByProcessId
_stricmp
swprintf
wcsstr
_wcslwr
ZwClose
RtlInitUnicodeString
strncmp
IoGetCurrentProcess
ZwCreateFile
ExFreePool
_snprintf
ExAllocatePoolWithTag
KeTickCount
KeQueryTimeIncrement
MmIsAddressValid
IoDeviceObjectType
KeDelayExecutionThread
KeQuerySystemTime
IoRegisterDriverReinitialization
ObReferenceObjectByHandle
ZwSetValueKey
ZwCreateKey
RtlCompareUnicodeString
PsGetVersion
ZwOpenKey
wcslen
wcsncpy
wcsrchr
ZwQueryValueKey
wcscat
wcscpy
_wcsicmp
_except_handler3
ObfDereferenceObject
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
_snwprintf
wcschr
RtlCopyUnicodeString
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
ZwDeleteKey
PsCreateSystemThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_wcsnicmp
ZwSetInformationFile
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 55B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ