Static task
static1
General
Target
46445eccdd012e43574f4e4589f3b882_JaffaCakes118
Size
40KB
MD5
46445eccdd012e43574f4e4589f3b882
SHA1
45a64434120a073401211581ede9b1fdd0dde75c
SHA256
aa542ac118dafbd2ff644dcd9b60095244f836298e9e565ef97cb299f3618c2e
SHA512
6fdf8e49d0c0c6180082d7a183dfeebb5384f773e3ab9ec4d30d8a98bcf46bb16309a38d978b20182f3b2a658cde00b6f6b50d82518bb00ebcea5c53ae0cc729
SSDEEP
768:2KwOkEeMNbQkNfQ0BA2Xe+djNMYeqFcEutE3LPWrt65QWcY0BxmB2zERKCw:1wM7bQKfQ0BfxTMYeUtutEb+Q5QxY0gW
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the PE file.
resource 46445eccdd012e43574f4e4589f3b882_JaffaCakes118
Files
46445eccdd012e43574f4e4589f3b882_JaffaCakes118.sys windows:4 windows x86 arch:x86
93cbd790a03be5d8fecafdc2dd70e501
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwSetValueKey
wcslen
ZwClose
ZwDeleteKey
ZwOpenKey
RtlInitUnicodeString
KeTickCount
KeQueryTimeIncrement
_stricmp
swprintf
KeDelayExecutionThread
KeQuerySystemTime
strncpy
PsLookupProcessByProcessId
_wcsnicmp
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
IoDeviceObjectType
wcsstr
_wcslwr
ZwSetInformationFile
ZwCreateFile
wcscpy
RtlCompareUnicodeString
ZwQueryValueKey
IofCompleteRequest
RtlCopyUnicodeString
PsCreateSystemThread
_snwprintf
ExAllocatePoolWithTag
ExFreePool
_snprintf
_except_handler3
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncmp
IoGetCurrentProcess
_wcsicmp
ZwCreateKey
PsGetVersion
IoRegisterDriverReinitialization
wcscat
wcschr
PsSetCreateProcessNotifyRoutine
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 63B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ