Static task
static1
General
Target: 3dd77f6029d299b14f23da6192bfceaa_JaffaCakes118
Size: 30KB
MD5: 3dd77f6029d299b14f23da6192bfceaa
SHA1: a7c832f6c2ec36e5172221ac1e47130c1670c268
SHA256: 507a3129a0d3c305d5b66b379a10a7377bb4d76d595e741eb8f09155649947ab
SHA512: da710664bae2262a9dd0c70cabe2de031774d2fa4861fe5e717a459b3aa521271ac340664161dbd5161861067b9ab9c8142a3101b16884cffb27337e8b754a78
SSDEEP: 768:UF70DJXq5vdr2LXPjyfSoqau6yDw3eE6g/YRgK9Ttvc5OvWNDhrlsJfpL3:DDJXq5vdqbKqa4k3j6g/YeK9TtckmhGN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3dd77f6029d299b14f23da6192bfceaa_JaffaCakes118
Files
3dd77f6029d299b14f23da6192bfceaa_JaffaCakes118.sys windows:4 windows x86 arch:x86
aab09ec5cfe1b89dda3446bac03fd939
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strstr
islower
atoi
isprint
isxdigit
isdigit
strrchr
isspace
isupper
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
atol
PsGetVersion
toupper
strchr
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
KeDelayExecutionThread
ZwCreateKey
wcslen
swprintf
wcscat
wcscpy
tolower
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
MmIsAddressValid
IoRegisterDriverReinitialization
srand
_wcslwr
wcsncpy
ZwUnmapViewOfSection
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ