Static task
static1
General
Target: 378b11a87f5ad3bb50a19e16fc1bead8_JaffaCakes118
Size: 54KB
MD5: 378b11a87f5ad3bb50a19e16fc1bead8
SHA1: 3e0c6bc48051705e57dee9f7ef7e2fee07d2c119
SHA256: 5bda3293dc7c20a23e024d7b4db9e8c3c1b6005c66a0f189ae69908433e54fa0
SHA512: 308ac0aa9421a110db1265f6db76c8c1f10640a2523f98ed9cf8357df5cfdcd2261388ceeaeb1520f9d547ce39b15f7b126fd35bf821c4d0f567f45dc234d4c4
SSDEEP: 768:o86QgkFPUgOFNPdZTttE3ZehdPP17MtWveXdg5Utj4ApW7zpVJQ:oKFPUbFNVZ7E3+dl7mrztjfI7zbJQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 378b11a87f5ad3bb50a19e16fc1bead8_JaffaCakes118
Files
378b11a87f5ad3bb50a19e16fc1bead8_JaffaCakes118.sys windows:5 windows x86 arch:x86
d2830b3c7fbb80e7a9698652c97b5094
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncpy
ExFreePool
ZwEnumerateKey
ZwDeleteKey
ExAllocatePoolWithTag
wcslen
wcscpy
wcsncat
ZwQueryKey
ZwQueryValueKey
RtlFreeUnicodeString
ZwDeleteFile
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeSetEvent
KeWaitForSingleObject
IoCreateSynchronizationEvent
PsGetCurrentProcessId
ZwOpenFile
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
_strupr
ZwQueryInformationFile
strstr
_stricmp
memchr
atoi
sprintf
strchr
strncpy
memmove
KeInitializeEvent
IoRegisterShutdownNotification
InitSafeBootMode
IofCompleteRequest
strncmp
ZwQuerySystemInformation
ObfDereferenceObject
IoGetDeviceObjectPointer
wcscat
rand
srand
KeQuerySystemTime
IoDeleteDevice
ZwOpenKey
RtlInitUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ExfInterlockedInsertTailList
RtlCompareUnicodeString
ObQueryNameString
KeClearEvent
InterlockedIncrement
InterlockedDecrement
ExfInterlockedRemoveHeadList
ZwSetInformationFile
ZwReadFile
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ObReferenceObjectByName
InterlockedExchange
KeInitializeSpinLock
ZwSetSecurityObject
ZwReplaceKey
ZwRestoreKey
ZwEnumerateValueKey
ZwDeleteValueKey
ZwCreateKey
KeServiceDescriptorTable
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
KeInitializeMutex
ExInitializeNPagedLookasideList
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
IoGetCurrentProcess
NtBuildNumber
MmIsAddressValid
ObReferenceObjectByHandle
IoFileObjectType
strrchr
strncat
KeReleaseMutex
ExGetPreviousMode
KeAddSystemServiceTable
ZwSetValueKey
ZwClose
RtlCompareMemory
IoCreateSymbolicLink
IoCreateDevice
hal
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ