Static task
static1
General
-
Target
3a951648a7f1408e3c270403559b2f30_JaffaCakes118
-
Size
17KB
-
MD5
3a951648a7f1408e3c270403559b2f30
-
SHA1
8a37204eea3da90b324ae9dbc30288a47985b5f4
-
SHA256
c90fb89031d808e33f27a568d81c1fd6dc5c608cc59b4d60e516a23756f0db2a
-
SHA512
2e37ec3e5febb1971f552a460b75628c350e982cf76b5f3e9a56bd901984b6c872af9c35f1321bd6a22dae4dbcdaed602cd3bc1abcfd7171e36d9b175d6835f2
-
SSDEEP
384:HbIC2hbRZlfG+j3yo5kHQEsekCYT0EwR5:HEC2hPw8XwWeKw7
Malware Config
Signatures
-
Unsigned PE 1 IoCs
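Checks for a missing Authenticode signature; this PE file is unsigned. An unsigned result on its own is not a verdict, so read it together with the imports and section flags listed below.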
resource 3a951648a7f1408e3c270403559b2f30_JaffaCakes118
Files
-
3a951648a7f1408e3c270403559b2f30_JaffaCakes118.sys windows:5 windows x86 arch:x86
ac9af282c1ed0565303def94f28547c9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExSystemTimeToLocalTime
ZwClose
ExFreePool
wcscpy
ZwQueryValueKey
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
ZwWriteFile
ZwCreateFile
_snwprintf
KeSetEvent
_vsnprintf
_allrem
KeQuerySystemTime
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
IoCreateDevice
InterlockedIncrement
InterlockedDecrement
IofCallDriver
IofCompleteRequest
IoDeleteDevice
IoDetachDevice
PoCallDriver
PoStartNextPowerIrp
_alldiv
hal
KfAcquireSpinLock
KfReleaseSpinLock
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 992B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 864B - Virtual size: 843B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 992B - Virtual size: 972B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 576B - Virtual size: 562B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ