Static task
static1
General
-
Target
35c5ac7afbaa1cf082888a80bddb2491_JaffaCakes118
-
Size
40KB
-
MD5
35c5ac7afbaa1cf082888a80bddb2491
-
SHA1
d8a29d5476c3e1ad0fd9bb2d372d53bd27afcc4f
-
SHA256
86887b40907d4cc7fe9a1aac586dccb0b0ba2bfb9cb4cf0cb262633b846ce807
-
SHA512
c579df828029ff218f247bb2f67c2ccfc0b92020bdc474d5b51d99140b5676f815da03bfa778b64270cd83655a3959fdd4f5db64814645ba86a69921a295b700
-
SSDEEP
768:Xr4TPRsOdkkqr/AJ/vsaE69duuLOLS3rVcoO9IrbU8qpZRVLB0qJ:Xr4TZsOZqcJ/v17LH3moO9+sRV5
Malware Config
Signatures
-
Unsigned PE 1 IoCs
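Flags PE files that lack an Authenticode signature; this sample has none. On its own this is a weak indicator, since many benign binaries are unsigned. It carries more weight here because the file is a kernel-mode driver (a .sys image importing from ntoskrnl.exe): 64-bit Windows refuses to load unsigned drivers by default, whereas this is a 32-bit x86 image, and 32-bit Windows has historically not enforced that requirement.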
resource 35c5ac7afbaa1cf082888a80bddb2491_JaffaCakes118
Files
-
35c5ac7afbaa1cf082888a80bddb2491_JaffaCakes118.sys windows:4 windows x86 arch:x86
19456f47ef81256b29da6fda0d7d0610
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwDeleteKey
ZwOpenKey
RtlInitUnicodeString
swprintf
ZwSetInformationFile
ZwCreateFile
wcslen
wcscpy
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
PsGetVersion
MmIsAddressValid
ZwSetValueKey
_snwprintf
wcsncpy
wcschr
RtlCompareUnicodeString
_wcsicmp
wcsrchr
_wcsnicmp
KeTickCount
KeQueryTimeIncrement
_stricmp
RtlAnsiStringToUnicodeString
ZwQueryValueKey
_except_handler3
strncpy
IoGetCurrentProcess
ObReferenceObjectByHandle
PsLookupProcessByProcessId
_snprintf
wcsstr
_wcslwr
IoDeviceObjectType
MmGetSystemRoutineAddress
wcscat
RtlCopyUnicodeString
PsSetCreateProcessNotifyRoutine
KeQuerySystemTime
strncmp
IoRegisterDriverReinitialization
IofCompleteRequest
PsCreateSystemThread
ZwCreateKey
KeDelayExecutionThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 52B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ