Static task
static1
General
Target: 4b4d6d4a1480b0e3796c53c3c74769d4_JaffaCakes118
Size: 48KB
MD5: 4b4d6d4a1480b0e3796c53c3c74769d4
SHA1: 718ff09167321d66cf47da0239fa8276999ea51e
SHA256: 486539a3f33faaff3dc654b7fa3653a1a3c2234a319f07de922f38edaa8c8c11
SHA512: 1f43d5875fb97e995cc0b43b495548311f8d39da570738fe8c6cc8bcf6c953a8c648020ecafff266e7220315baf7cd0e8eb4f7c7e08fba296bdc19bbeca753ba
SSDEEP: 384:+ScatnGMyPq9gD8PLvdBkF6jSxcZjBqs68Nd2d64FxdlaXSguV:+xknGBq9gD8xBaRxews60Q647
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4b4d6d4a1480b0e3796c53c3c74769d4_JaffaCakes118
Files
4b4d6d4a1480b0e3796c53c3c74769d4_JaffaCakes118.sys windows:4 windows x86 arch:x86
ec6bcf2ed431437530ad5e69ceef8b46
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hal
HalAllProcessorsStarted
HalSetBusData
KeAcquireQueuedSpinLock
HalSetEnvironmentVariable
HalHandleNMI
KeTryToAcquireQueuedSpinLock
ExAcquireFastMutex
KfRaiseIrql
WRITE_PORT_ULONG
HalRequestIpi
HalRequestIpi
HalDisplayString
KeGetCurrentIrql
KeReleaseSpinLock
KeReleaseSpinLock
HalSetBusDataByOffset
ExAcquireFastMutex
WRITE_PORT_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_ULONG
HalInitializeProcessor
IoReadPartitionTable
HalStartNextProcessor
READ_PORT_ULONG
IoFreeAdapterChannel
READ_PORT_ULONG
IoReadPartitionTable
IoMapTransfer
READ_PORT_UCHAR
HalAssignSlotResources
HalAllocateCrashDumpRegisters
HalHandleNMI
HalSetBusData
KfReleaseSpinLock
HalGetBusData
HalMakeBeep
WRITE_PORT_UCHAR
KeQueryPerformanceCounter
WRITE_PORT_ULONG
HalClearSoftwareInterrupt
HalSetProfileInterval
KfReleaseSpinLock
HalQueryRealTimeClock
HalEndSystemInterrupt
READ_PORT_BUFFER_ULONG
WRITE_PORT_UCHAR
HalClearSoftwareInterrupt
KeAcquireSpinLock
HalSetBusDataByOffset
KeAcquireQueuedSpinLockRaiseToSynch
HalAllocateCommonBuffer
HalStartProfileInterrupt
READ_PORT_USHORT
HalSetDisplayParameters
READ_PORT_USHORT
READ_PORT_BUFFER_UCHAR
HalSetBusDataByOffset
HalSetProfileInterval
IoSetPartitionInformation
READ_PORT_UCHAR
READ_PORT_BUFFER_ULONG
HalReportResourceUsage
HalReturnToFirmware
KeStallExecutionProcessor
KeReleaseSpinLock
KfRaiseIrql
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalAllProcessorsStarted
KfAcquireSpinLock
HalClearSoftwareInterrupt
ExAcquireFastMutex
HalSetBusDataByOffset
HalQueryDisplayParameters
HalGetInterruptVector
HalCalibratePerformanceCounter
HalFlushCommonBuffer
HalMakeBeep
KeReleaseQueuedSpinLock
KeLowerIrql
HalGetAdapter
HalProcessorIdle
KeTryToAcquireQueuedSpinLockRaiseToSynch
HalReadDmaCounter
KeAcquireSpinLockRaiseToSynch
ntoskrnl.exe
FsRtlUninitializeOplock
strncat
NtVdmControl
RtlLargeIntegerShiftLeft
FsRtlPrepareMdlWrite
KeInitializeMutex
CcGetFileObjectFromSectionPtrs
RtlCompareMemoryUlong
RtlNtStatusToDosErrorNoTeb
ExAcquireResourceExclusiveLite
FsRtlIsTotalDeviceFailure
mbtowc
MmMapUserAddressesToPage
IoFreeMdl
ExCreateCallback
ZwQueryDefaultLocale
RtlAnsiStringToUnicodeSize
FsRtlCurrentBatchOplock
IoFreeWorkItem
KeInitializeEvent
IoSynchronousPageWrite
PoCallDriver
IoQueryVolumeInformation
MmDisableModifiedWriteOfSection
RtlDestroyAtomTable
ExfInterlockedAddUlong
RtlDeleteAce
IoSetThreadHardErrorMode
CcUnpinData
InterlockedIncrement
PoSetHiberRange
_stricmp
RtlInitString
ExEventObjectType
ZwWaitForSingleObject
RtlUpcaseUnicodeStringToOemString
KeInsertQueueDpc
MmAdjustWorkingSetSize
Exi386InterlockedExchangeUlong
MmFreeContiguousMemorySpecifyCache
NlsMbCodePageTag
IoRequestDeviceEject
SeSystemDefaultDacl
KdEnableDebugger
RtlGetDaclSecurityDescriptor
ExCreateCallback
NtQueryEaFile
LsaCallAuthenticationPackage
MmCanFileBeTruncated
ZwEnumerateValueKey
RtlRemoveUnicodePrefix
SeAccessCheck
RtlIsGenericTableEmpty
KeRestoreFloatingPointState
SeCreateClientSecurity
FsRtlCopyRead
ZwResetEvent
wcsrchr
_strrev
WRITE_REGISTER_BUFFER_UCHAR
RtlUnicodeToMultiByteN
FsRtlGetNextMcbEntry
IofCallDriver
ExAcquireResourceSharedLite
SeSetAccessStateGenericMapping
RtlUlongByteSwap
RtlDeleteRegistryValue
wcscpy
MmIsAddressValid
ObReleaseObjectSecurity
FsRtlMdlReadDev
CcScheduleReadAhead
RtlAnsiStringToUnicodeString
FsRtlGetNextLargeMcbEntry
PsInitialSystemProcess
RtlFindLeastSignificantBit
ZwSetInformationThread
ExUuidCreate
IoReleaseRemoveLockAndWaitEx
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ