Static task
static1
General
Target
4794157a9fc0bfe5e221cd92ef1839bd_JaffaCakes118
Size
23KB
MD5
4794157a9fc0bfe5e221cd92ef1839bd
SHA1
07f2188b31a1b385901f65891fce2ecb1482c981
SHA256
c7f2877f37947a0ebdecbacfcbbd9638ed7b4226d4c90403e9661a64c37540d8
SHA512
3babd2650c81c958e5b97fbdd51768380a96ddc5648cd1a14c3d38387478eff9626f699ca31f2b49b8c7ab1f31786474f9bb36f06eb53e7bc0465a0eddea241b
SSDEEP
384:ybrxgMTPH344ZzjjrVBPNQuR0K0yqW/Y11sEL7ohN3hF+M0:oG0Ho4BDVNNhD0e/YrhHSN3hF+M0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4794157a9fc0bfe5e221cd92ef1839bd_JaffaCakes118
Files
4794157a9fc0bfe5e221cd92ef1839bd_JaffaCakes118.sys windows:4 windows x86 arch:x86
09027f0ccee396a3d316a631d7c6eff7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwDuplicateObject
ZwQueryInformationProcess
RtlGetSaclSecurityDescriptor
MmIsNonPagedSystemAddressValid
RtlCopyString
RtlFindMessage
RtlIntegerToUnicodeString
ExAllocatePool
IoBuildAsynchronousFsdRequest
_strnset
memset
IoQueryDeviceDescription
PsInitialSystemProcess
ExSystemExceptionFilter
WRITE_REGISTER_ULONG
CcUnpinData
ExFreePool
RtlFillMemoryUlong
strcmp
ZwSaveKey
PsChargePoolQuota
ZwDeleteKey
FsRtlAreNamesEqual
RtlCustomCPToUnicodeN
ObQueryNameString
towupper
DbgPrint
InterlockedIncrement
IoGetInitialStack
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.abc Size: 512B - Virtual size: 262B
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 490B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ