Static task
static1
General
Target
416deb5a29fc81964351b1f037cf981d_JaffaCakes118
Size
40KB
MD5
416deb5a29fc81964351b1f037cf981d
SHA1
f1b059481c206cc5e9802f25e9adb4140c9a9d64
SHA256
a0ec0396d22256dc61ab30039245e3430194804236efb34b619bf8f24420677c
SHA512
e9320b56be74e2add45dd107b1d4adcc7e1edcce80069d77a5e29880771ba3ef3182d95a058ee6ce34f5b785a3087333c068fad5a65ee9e45767c031c663a323
SSDEEP
768:0oVIiuBDk0dGebwd6an8OJ9FrRJLSQksVM+ocfBUxDVzfZc+q+:0o60MGe8n8A9FrRJLRrM+N5UxDNfZpq+
Malware Config
Signatures
Unsigned PE (1 IoC)
The PE file carries no Authenticode signature.
resource 416deb5a29fc81964351b1f037cf981d_JaffaCakes118
Files
416deb5a29fc81964351b1f037cf981d_JaffaCakes118.sys windows:4 windows x86 arch:x86
da2c5f624cc58c9ef82809d91b2203a4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwSetValueKey
ZwCreateKey
RtlInitUnicodeString
MmIsAddressValid
RtlCompareUnicodeString
_snwprintf
wcsncpy
wcslen
wcschr
swprintf
ZwOpenKey
ObReferenceObjectByHandle
IoDeviceObjectType
wcsstr
_wcslwr
_wcsnicmp
ZwQueryValueKey
ExAllocatePoolWithTag
KeQuerySystemTime
_wcsicmp
ObfDereferenceObject
ExFreePool
_snprintf
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
ZwSetInformationFile
ZwCreateFile
wcscpy
_stricmp
wcscat
_except_handler3
MmGetSystemRoutineAddress
ZwDeleteKey
wcsrchr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
strncpy
IoGetCurrentProcess
strncmp
PsLookupProcessByProcessId
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
KeTickCount
KeQueryTimeIncrement
PsGetVersion
PsCreateSystemThread
KeDelayExecutionThread
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 66B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ