Static task
static1
General
Target: 4515bb6236dcd916ab35deb6632f7079_JaffaCakes118
Size: 745KB
MD5: 4515bb6236dcd916ab35deb6632f7079
SHA1: cc7a5dc38582d4073754f3375e359df38f87cb81
SHA256: faa9a4c0088a3c77ea70aa3c09a1fd7056156a5b3a6c98f3fd58ed0fd0a18485
SHA512: 0d0d961deb0d6dcfe287a044979995ac3dfa79941874824a721ef6e108b478485e2d72c87c49c178194da0168fe37110eae491d085fc7bd886f7498d2eb09f16
SSDEEP: 12288:xOq8mI+2fXAvSNlViIDtpeu/I9wixqY2c3FkXJ1lac7oGyQoZK3R19Nxn9sLj+Hg:Uq8mI/YuB6uw9Zqw1IjackGyXZ2S
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4515bb6236dcd916ab35deb6632f7079_JaffaCakes118
Files
4515bb6236dcd916ab35deb6632f7079_JaffaCakes118.sys windows:4 windows x86 arch:x86
8e027860a6b17777a84e87c38ca4dcea
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
KeBugCheckEx
KeWaitForSingleObject
KeSetEvent
ZwClose
IofCompleteRequest
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
PoCallDriver
IoFreeIrp
ObfDereferenceObject
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
IoDetachDevice
RtlFreeUnicodeString
IoAllocateIrp
ZwOpenKey
RtlQueryRegistryValues
RtlCopyUnicodeString
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
ExFreePool
IoQueueWorkItem
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoFreeWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
KeClearEvent
ObReferenceObjectByHandle
IoSetDeviceInterfaceState
IoCancelIrp
PoSetPowerState
IoRegisterDeviceInterface
ZwSetValueKey
MmGetSystemRoutineAddress
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
IoReleaseCancelSpinLock
PsTerminateSystemThread
RtlAnsiStringToUnicodeString
IoWMIWriteEvent
DbgPrint
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IoDeleteSymbolicLink
MmUnmapIoSpace
_vsnwprintf
IoAcquireRemoveLockEx
KeResetEvent
RtlAppendUnicodeToString
ObfReferenceObject
MmMapIoSpace
ZwCreateKey
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
_vsnprintf
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
KeSetTimerEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
KeWaitForMultipleObjects
IoConnectInterrupt
ZwCreateFile
MmProbeAndLockPages
IoInvalidateDeviceRelations
IoGetDmaAdapter
MmUnlockPages
KeSetPriorityThread
KeRemoveQueueDpc
IoGetDeviceObjectPointer
ZwQuerySystemInformation
ExFreePoolWithTag
Sections
.text Size: 314KB - Virtual size: 314KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 412KB - Virtual size: 411KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ