Static task: static1
General
Target: 390941255a846889144c28304c947567_JaffaCakes118
Size: 749KB
MD5: 390941255a846889144c28304c947567
SHA1: 3095c9fee2d7d29b373dbcc63f7640d39629cbe8
SHA256: 51e34a7da168433e30b65c6b3d867e4e804baacda6c760fdb2162e8de6fde4e1
SHA512: f7420380a929d0b647401ce434b51324b346392623b4212c72065de32dbc291a3ab11e654ad0552a13aaad6c792065cdc27e273cd6d1bcf9634917a58d343c4b
SSDEEP: 12288:Ss4VRTCo3GhPBqr4rXbEVyiNvq7OLvx0uh0i+hIZZ82cBABGiqrPKEMQp/o0:Ss4VRD+PBq0rXbgnvvyigsZ82uFVSEMO
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature (no certificate table in the PE security data directory).
resource: 390941255a846889144c28304c947567_JaffaCakes118
Files
390941255a846889144c28304c947567_JaffaCakes118.sys  windows:4 windows x86 arch:x86
e437738f95d49b564c6659c1a935c5cb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
NtAllocateUuids
SeQueryAuthenticationIdToken
memcpy
ZwWaitForSingleObject
NtFsControlFile
IoWriteTransferCount
RtlTraceDatabaseCreate
RtlDecompressChunks
CcCopyRead
IoGetInitialStack
IoGetStackLimits
_except_handler3
ZwSetTimer
SeSinglePrivilegeCheck
RtlDeleteAce
RtlAllocateHeap
MmMapLockedPages
RtlVolumeDeviceToDosName
FsRtlCheckLockForWriteAccess
SeQuerySessionIdToken
SeAuditingFileOrGlobalEvents
MmSizeOfMdl
ZwFreeVirtualMemory
CcMdlReadComplete
KeSaveStateForHibernate
MmAllocateContiguousMemorySpecifyCache
KeDelayExecutionThread
FsRtlAreNamesEqual
RtlxUnicodeStringToOemSize
PoRegisterSystemState
ExAcquireSharedWaitForExclusive
RtlInsertElementGenericTableFull
IoSetTopLevelIrp
RtlGetNtGlobalFlags
ZwRestoreKey
NlsOemLeadByteInfo
IoInitializeIrp
ZwSetValueKey
RtlAbsoluteToSelfRelativeSD
SeRegisterLogonSessionTerminatedRoutine
FsRtlFindInTunnelCache
ZwPulseEvent
PsInitialSystemProcess
RtlNumberGenericTableElements
MmProbeAndLockProcessPages
PsGetCurrentThreadId
SeDeassignSecurity
NtQuerySecurityObject
RtlLargeIntegerAdd
CcSetDirtyPageThreshold
KeI386AllocateGdtSelectors
MmBuildMdlForNonPagedPool
IoQueryFileInformation
PsJobType
NtDuplicateToken
RtlInsertUnicodePrefix
MmResetDriverPaging
_purecall
PsReferenceImpersonationToken
FsRtlLookupLastLargeMcbEntryAndIndex
PoSetPowerState
RtlMultiByteToUnicodeN
READ_REGISTER_BUFFER_UCHAR
PsAssignImpersonationToken
IoBuildSynchronousFsdRequest
Ke386QueryIoAccessMap
ExInterlockedAddUlong
FsRtlOplockIsFastIoPossible
ExEventObjectType
towlower
PsSetCreateProcessNotifyRoutine
IoCreateUnprotectedSymbolicLink
mbtowc
RtlFindClearBitsAndSet
IoRegisterFsRegistrationChange
ZwReplaceKey
ExExtendZone
ZwQueryInformationFile
CcFlushCache
PsGetCurrentProcessId
PsSetCreateThreadNotifyRoutine
IoCreateDevice
IoRegisterShutdownNotification
Sections
.text Size: 342KB - Virtual size: 342KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 393KB - Virtual size: 393KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ