Static task
static1
General
Target: 493f48fe0803f96e5f5e46c4ed54faa0_JaffaCakes118
Size: 21KB
MD5: 493f48fe0803f96e5f5e46c4ed54faa0
SHA1: 1204874be71fefd82095ad4ad74435a6c8b9c393
SHA256: 1752cc1362e2781092f71a01fb2b5cd1d21966b017c5b2633ca94afd42e47e95
SHA512: f6e4a2900c830ac4aa0ef2cc09445e3ccf9d29482acd87b2fe24fa889bff1e4c3aee4d2cb8b1359c5ddb1161d4cdeb36b28a539ecf0e70385aecdfa66c00424e
SSDEEP: 384:M+r70HL2yGlq9tzREP/OzB7sUi6LPbsfeaprbj8jYAJAQsRDQGHT0QIQ:McdyGQbzU2zePQbsf3rSfsaikQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 493f48fe0803f96e5f5e46c4ed54faa0_JaffaCakes118
Files
493f48fe0803f96e5f5e46c4ed54faa0_JaffaCakes118.sys windows:5 windows x86 arch:x86
41d0de76d12393a47c9a8ebf1bdde130
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
swprintf
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
RtlAnsiStringToUnicodeString
IoRegisterDriverReinitialization
KeDelayExecutionThread
ZwCreateKey
wcscat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
_wcslwr
wcsncpy
MmIsAddressValid
ZwUnmapViewOfSection
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 608B - Virtual size: 590B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ