Static task
static1
General
Target: 4094018511961740e569594a3fd78393_JaffaCakes118
Size: 46KB
MD5: 4094018511961740e569594a3fd78393
SHA1: 828385cd1dee941d9788ebc69eff32fb9f8634dd
SHA256: d1258fba6937bdb2e644e3f3d0826949afe5e2c3bb0f9b4a7bc45cf2798f102a
SHA512: ccdfb0882496712ac97a25f56676ac68c14fd1c56cf4979a00169b9cb65a68552a5791480b0c92467d08be8ce7820255b32e31f6549ab0d6c65e26745c6bd009
SSDEEP: 768:gdYVAJkqQ/cxik9G5ag85UBuZ0J9f3zdZH82DsrrtDOFpiE7:gQ6NOExSalyBnJ9f3Prs/tD6piM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4094018511961740e569594a3fd78393_JaffaCakes118
Files
4094018511961740e569594a3fd78393_JaffaCakes118.sys windows:5 windows x86 arch:x86
5f63bccefa615bed8a97fb4b0a04921f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExUnregisterCallback
IofCompleteRequest
KeSetEvent
IoDeleteDevice
KeBugCheckEx
PoCallDriver
IoCancelIrp
IoDetachDevice
IofCallDriver
IoFreeIrp
ObfDereferenceObject
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
ExAllocatePoolWithTag
RtlCopyUnicodeString
RtlCompareMemory
KeQueryInterruptTime
KeDelayExecutionThread
IoAllocateIrp
RtlCompareUnicodeString
ExFreePool
KeGetCurrentThread
PsGetCurrentProcessId
RtlInitUnicodeString
KeInitializeEvent
ZwCreateEvent
ExFreePoolWithTag
hal
ExAcquireFastMutex
ExReleaseFastMutex
battc.sys
BatteryClassIoctl
BatteryClassStatusNotify
BatteryClassInitializeDevice
BatteryClassUnload
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 398B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ