Static task
static1
General
-
Target
453277a548b40a682ebbbf0f7064d7da_JaffaCakes118
-
Size
40KB
-
MD5
453277a548b40a682ebbbf0f7064d7da
-
SHA1
75cb5b5570933d839152c76741c186a6b62bd456
-
SHA256
9402d7101de1063dfd7c2a449bdc4fa95727d908af8cc1553c098f21dbe284b1
-
SHA512
a5c7a94fa6a54873e4fe9c2415a1db437933d4822beab694dce81973ed625aa9cd958d359cc0605c8ba6a620bc70415ec4d54412d6c53686aa8ac1d255cd9766
-
SSDEEP
768:SlrP1czgJlJBQah6ST8tlhH7m/fJz6cuiwGX+wHDxncHYBxhPxBBC:4XlJia6tq/fJz6chwYHDxncWBxBw
Malware Config
Signatures
-
Unsigned PE 1 IoCs
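Checks for a missing Authenticode signature; this file is not signed. The sample is a 32-bit kernel-mode driver (.sys, with the listed imports coming from ntoskrnl.exe), and 32-bit Windows generally does not require drivers to be signed in order to load, so the missing signature is a weak indicator by itself and should be read together with the import list below.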
resource 453277a548b40a682ebbbf0f7064d7da_JaffaCakes118
Files
-
453277a548b40a682ebbbf0f7064d7da_JaffaCakes118.sys windows:4 windows x86 arch:x86
b56c6bd9c2621314b69385b47a2992ce
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
PsSetCreateProcessNotifyRoutine
_snwprintf
wcsncpy
wcslen
wcschr
ZwClose
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
KeDelayExecutionThread
KeQuerySystemTime
ExAllocatePoolWithTag
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
ZwSetValueKey
ObReferenceObjectByHandle
ZwDeleteKey
ExFreePool
ObfDereferenceObject
_stricmp
wcsstr
_wcslwr
ZwCreateFile
wcsrchr
_snprintf
PsCreateSystemThread
_except_handler3
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncpy
RtlAnsiStringToUnicodeString
ZwSetInformationFile
wcscpy
strncmp
_wcsnicmp
RtlCompareUnicodeString
ZwCreateKey
RtlCopyUnicodeString
_wcsicmp
IoDeviceObjectType
IofCompleteRequest
wcscat
KeTickCount
KeQueryTimeIncrement
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 74B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ