Static task
static1
General
-
Target
388e752dcf6ea2abbbd1d4bc84e3d325_JaffaCakes118
-
Size
40KB
-
MD5
388e752dcf6ea2abbbd1d4bc84e3d325
-
SHA1
bd4c5197bc583f540680cc43463f9319a9561586
-
SHA256
57a8e14dcc079601e885d9e3c5b21ef0685a517a65e0c42fb41228bdb106b61a
-
SHA512
5c2c7915024ed7d414a56d56f8fbc91b8c14ad0061cf0c2792a5a2657234d7d5fc67e7f47f7a64ef0afe76629c782376c8a998c34a7c410e3eed982071dca553
-
SSDEEP
768:7lyKh3BRIVAkSK/+Y1FWIaIfSOWJMpRNSR1w7gExVcebWdg9rUer5R6D:7lyKLiVAkSM+YHWIaDOCQzOa7gCVcDdX
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 388e752dcf6ea2abbbd1d4bc84e3d325_JaffaCakes118
Files
-
388e752dcf6ea2abbbd1d4bc84e3d325_JaffaCakes118.sys windows:4 windows x86 arch:x86
d330641512d24995857bd9335e80f74e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwCreateFile
RtlInitUnicodeString
swprintf
ZwSetValueKey
_stricmp
wcsstr
_wcslwr
wcslen
ZwCreateKey
wcsncpy
wcsrchr
_snwprintf
wcschr
KeQuerySystemTime
ObReferenceObjectByHandle
ZwOpenKey
strncmp
ZwQueryValueKey
ZwSetInformationFile
wcscpy
_wcsicmp
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
wcscat
_except_handler3
strncpy
PsLookupProcessByProcessId
ObfDereferenceObject
IoDeviceObjectType
ExAllocatePoolWithTag
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlAnsiStringToUnicodeString
ZwDeleteKey
_wcsnicmp
KeTickCount
KeQueryTimeIncrement
ExFreePool
KeDelayExecutionThread
_snprintf
IoRegisterDriverReinitialization
RtlCopyUnicodeString
MmGetSystemRoutineAddress
PsCreateSystemThread
IofCompleteRequest
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 68B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ