Static task
static1
General
Target: 3ea53432566622152e1cd62f232a7922_JaffaCakes118
Size: 46KB
MD5: 3ea53432566622152e1cd62f232a7922
SHA1: 2b63cf616882bec9589af233ce67593ef65266c6
SHA256: 9435f432b0917d6d5b1442667b31e7b6665ec4935dddd35fb2371fc02e0416c5
SHA512: 3a0b55ef1722a67e224a9be4953c0b0654ea5bb193b0e6672479bff2653805f2ca19455b5032b24c0f039576b85363bcefd6723f228bac87d14a6e4ba53561e4
SSDEEP: 384:7KKBAfGZF1HXGBlFbdGJrMgd7T8hKJbUp2KJpSEMdQI8IPiYJq6zbvbTfb:7KWjZF1HudGqgN8WUsKlyQJq
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 3ea53432566622152e1cd62f232a7922_JaffaCakes118
Files
3ea53432566622152e1cd62f232a7922_JaffaCakes118.sys windows:4 windows x86 arch:x86
98bd0f8b9b2d6a7ce2f7026072566905
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PoRequestPowerIrp
HalDispatchTable
WRITE_REGISTER_ULONG
InbvIsBootDriverInstalled
NtQueryInformationFile
wcscmp
KeSetEvent
RtlDeleteOwnersRanges
NtQueryInformationFile
KiIpiServiceRoutine
IoInitializeRemoveLockEx
RtlInvertRangeList
RtlSetSaclSecurityDescriptor
ZwQuerySection
NlsOemCodePage
RtlNextUnicodePrefix
RtlGetDefaultCodePage
IoSetShareAccess
RtlUshortByteSwap
SeSetSecurityDescriptorInfo
RtlInitializeGenericTable
RtlUpcaseUnicodeStringToCountedOemString
MmSetAddressRangeModified
FsRtlGetNextFileLock
FsRtlInitializeMcb
_snwprintf
RtlLargeIntegerShiftRight
IoCheckQuerySetFileInformation
RtlAddAce
vsprintf
KeProfileInterruptWithSource
DbgLoadImageSymbols
LsaCallAuthenticationPackage
KePulseEvent
ZwSetInformationThread
READ_REGISTER_UCHAR
MmMapLockedPages
FsRtlUninitializeOplock
ZwQuerySecurityObject
IoSetTopLevelIrp
LsaRegisterLogonProcess
IoCreateUnprotectedSymbolicLink
ZwSetInformationThread
ZwOpenThreadToken
IoGetStackLimits
RtlStringFromGUID
InbvSolidColorFill
MmSecureVirtualMemory
IoWMIWriteEvent
MmAdjustWorkingSetSize
FsRtlIsDbcsInExpression
IoAttachDeviceByPointer
KeFindConfigurationEntry
NtUnlockFile
LpcRequestWaitReplyPort
FsRtlIsNtstatusExpected
ZwQuerySecurityObject
IoFastQueryNetworkAttributes
LpcPortObjectType
FsRtlFastUnlockAllByKey
ZwDuplicateObject
KeI386GetLid
RtlFindClearBitsAndSet
MmSecureVirtualMemory
MmSystemRangeStart
CcGetFileObjectFromSectionPtrs
NlsLeadByteInfo
wcsncat
PsEstablishWin32Callouts
RtlQueryRegistryValues
RtlEnlargedIntegerMultiply
atoi
MmFreeContiguousMemorySpecifyCache
SeLockSubjectContext
RtlUnicodeToCustomCPN
KdDisableDebugger
KeSetKernelStackSwapEnable
ObOpenObjectByPointer
READ_REGISTER_BUFFER_USHORT
LsaCallAuthenticationPackage
SeImpersonateClientEx
FsRtlDoesNameContainWildCards
MmMapViewInSessionSpace
RtlMergeRangeLists
KeInitializeTimer
ZwFreeVirtualMemory
RtlLargeIntegerSubtract
KeInitializeSemaphore
KeI386AllocateGdtSelectors
ZwDuplicateToken
HalPrivateDispatchTable
DbgBreakPoint
MmPageEntireDriver
ObfReferenceObject
RtlAnsiCharToUnicodeChar
IoUnregisterShutdownNotification
ZwSetInformationFile
ZwQueryVolumeInformationFile
RtlUpcaseUnicodeToOemN
RtlInsertUnicodePrefix
ExInitializeResourceLite
ExGetExclusiveWaiterCount
SePublicDefaultDacl
KeStackAttachProcess
CcGetFlushedValidData
KiDeliverApc
KeRemoveEntryDeviceQueue
RtlUlongByteSwap
CcDeferWrite
RtlCreateHeap
ExInterlockedIncrementLong
IoCheckQuerySetVolumeInformation
KeLoaderBlock
IoGetDeviceObjectPointer
READ_REGISTER_USHORT
ObfDereferenceObject
NtDeviceIoControlFile
ZwSetInformationProcess
RtlUlonglongByteSwap
ZwDeleteFile
ZwOpenEvent
RtlUnicodeStringToOemSize
ExInitializeZone
ObGetObjectSecurity
KeReleaseMutex
LpcRequestPort
FsRtlLegalAnsiCharacterArray
RtlVolumeDeviceToDosName
FsRtlAreNamesEqual
RtlCharToInteger
CcGetFileObjectFromBcb
ExfInterlockedInsertTailList
RtlPrefixString
IoIsWdmVersionAvailable
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ