General
-
Target
3dc9ef403fe5597a6521ccb84872e8d9_JaffaCakes118
-
Size
40KB
-
MD5
3dc9ef403fe5597a6521ccb84872e8d9
-
SHA1
8560dba8a0d09b70d1b49f91d9c1232b79d591cf
-
SHA256
f05e1900f2467a6267bb646a1942e67abe1c2ca9a65caf29920ab688b8c423f0
-
SHA512
094bc30833bcc039829e9c1707f4c77520cd8b4fbec001c37387fb3d590f6ef59eb3f8cc2527f9bf01670b78cefc7807cdc6827acc07966ece7165c35f508ae9
-
SSDEEP
768:N237+hlEIppksUMppPxytz8lfPI1Vot9WdG4uMldyLP:c3Sf9pk/MDxytzkA14MG02L
Malware Config
Signatures
-
Unsigned PE 1 IoCs
No Authenticode signature is present on the PE (this rule fires when the security directory / certificate table is absent or empty), so the file's origin cannot be verified from the binary itself. Because this is a 32-bit kernel driver (see Files below), note that 32-bit Windows does not enforce kernel-mode code signing, so the missing signature by itself would not prevent it from loading there; on x64 an unsigned driver would require test-signing mode or a separate bypass.
resource 3dc9ef403fe5597a6521ccb84872e8d9_JaffaCakes118
Files
-
3dc9ef403fe5597a6521ccb84872e8d9_JaffaCakes118.sys — PE, 32-bit x86 (arch:x86); the `windows:4` value is the OS/subsystem version field from the optional header (an NT 4.0-era target, presumably — confirm against the header). The `.sys` extension together with an import table resolved entirely from ntoskrnl.exe identifies this as a kernel-mode driver.
a923b720d21dd50ba095bf8f68ebe7cc (32-hex digest listed with the file entry; presumably the import hash (imphash) — useful for pivoting to other samples with the same import table)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (all resolved from ntoskrnl.exe, i.e. kernel-mode API). Capability-relevant entries in the list below: PsSetCreateProcessNotifyRoutine (registers a process-creation/exit callback), PsLookupProcessByProcessId and ObReferenceObjectByHandle (process/object lookup), ZwCreateKey/ZwSetValueKey/ZwDeleteKey and ZwOpenKey/ZwQueryValueKey (registry create, write, delete and read), ZwCreateFile/ZwSetInformationFile (file creation and modification), PsCreateSystemThread plus KeDelayExecutionThread (a background kernel thread with sleeps), IoRegisterDriverReinitialization (re-runs init after boot-time driver load), IoCreateDevice/IoCreateSymbolicLink (exposes a device object reachable from user mode), and MmGetSystemRoutineAddress, which resolves additional routines by name at run time — so this static import list should not be treated as the driver's complete API surface.
ntoskrnl.exe
_snwprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
MmIsAddressValid
wcslen
wcscat
wcscpy
_wcsicmp
ZwClose
ZwQueryValueKey
ZwOpenKey
_except_handler3
IoRegisterDriverReinitialization
KeDelayExecutionThread
KeQuerySystemTime
IoDeviceObjectType
RtlAnsiStringToUnicodeString
PsGetVersion
ZwCreateFile
swprintf
PsSetCreateProcessNotifyRoutine
ZwSetValueKey
RtlCompareUnicodeString
strncpy
PsLookupProcessByProcessId
_stricmp
ZwDeleteKey
wcsncpy
wcschr
ObfDereferenceObject
ObReferenceObjectByHandle
wcsrchr
ExFreePool
_snprintf
wcsstr
_wcslwr
IoGetCurrentProcess
_wcsnicmp
strncmp
ZwCreateKey
PsCreateSystemThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeQueryTimeIncrement
MmGetSystemRoutineAddress
IofCompleteRequest
ZwSetInformationFile
RtlCopyUnicodeString
Sections (INIT is marked code + executable + writable + discardable, which matches the usual layout of a WDK-built driver's initialization code and is not suspicious on its own; the PAGE* sections carry only a few bytes each, and a .reloc section is present, so the image is relocatable)
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 67B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ