Static task
static1
General
Target: 4c9fcaa070175c6e52bb09d720d43cd8_JaffaCakes118
Size: 46KB
MD5: 4c9fcaa070175c6e52bb09d720d43cd8
SHA1: d9545b641eac5406f8a95ea658d984aeaebd02f2
SHA256: 23c8052b1a49f44c1ba6537643b2cd8bfa723b5e8f719079fbf107db2311fad2
SHA512: 7d63bdd47b86cd4889fa5345c73514dfaa2cd5b49a62f312eb9e284d7779db351a2b788414e78a4cab56a2de12100e1d91c980241cc8d796b7ced3a0b2cb8c19
SSDEEP: 384:HVS2dEzd7v2ddDVwuaeKvXocw7/dGdB7r6u7rZqCoCcJM1lN:HiedWZeSXVy1gBf9fX/
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 4c9fcaa070175c6e52bb09d720d43cd8_JaffaCakes118
Files
4c9fcaa070175c6e52bb09d720d43cd8_JaffaCakes118.sys windows:4 windows x86 arch:x86
9a02530d26d1be93ee5c1d6c45a90cd3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncat
ZwMapViewOfSection
ExInterlockedInsertHeadList
IoUnregisterFileSystem
ExInterlockedExtendZone
wcscspn
NtWaitForSingleObject
SeSetSecurityDescriptorInfoEx
ExFreePoolWithTag
Mm64BitPhysicalAddress
IoIsFileOriginRemote
Ke386CallBios
ZwDeleteKey
KeInsertHeadQueue
KeI386MachineType
Exfi386InterlockedDecrementLong
ExCreateCallback
ExfInterlockedInsertHeadList
RtlInitializeSid
RtlUpcaseUnicodeStringToCountedOemString
islower
RtlEnumerateGenericTable
NtSetInformationProcess
MmIsRecursiveIoFault
_snwprintf
NtQueryVolumeInformationFile
sprintf
MmForceSectionClosed
RtlInitString
IoWriteTransferCount
IoCallDriver
RtlExtendedIntegerMultiply
RtlDeleteAtomFromAtomTable
ObInsertObject
IoStartNextPacketByKey
RtlCaptureContext
IoBuildDeviceIoControlRequest
RtlNtStatusToDosErrorNoTeb
IoCreateUnprotectedSymbolicLink
RtlFindUnicodePrefix
ZwFsControlFile
MmGetPhysicalMemoryRanges
IoCreateNotificationEvent
RtlInitAnsiString
IoCheckDesiredAccess
FsRtlAddToTunnelCache
ZwSetDefaultUILanguage
HalPrivateDispatchTable
ExReinitializeResourceLite
RtlDeleteRegistryValue
SeReleaseSecurityDescriptor
RtlDescribeChunk
ZwCreateSection
hal
HalRequestIpi
KeAcquireSpinLock
HalClearSoftwareInterrupt
KeQueryPerformanceCounter
KeQueryPerformanceCounter
ExAcquireFastMutex
KeRaiseIrqlToDpcLevel
HalSetProfileInterval
HalGetEnvironmentVariable
HalReadDmaCounter
ExTryToAcquireFastMutex
HalSystemVectorDispatchEntry
HalSetProfileInterval
KeQueryPerformanceCounter
IoFreeMapRegisters
KeRaiseIrql
HalStopProfileInterrupt
HalAllProcessorsStarted
HalHandleNMI
READ_PORT_USHORT
HalQueryDisplayParameters
READ_PORT_BUFFER_UCHAR
IoReadPartitionTable
KfAcquireSpinLock
IoMapTransfer
KdComPortInUse
KeGetCurrentIrql
HalStartNextProcessor
KeReleaseQueuedSpinLock
KfRaiseIrql
WRITE_PORT_BUFFER_ULONG
ExAcquireFastMutex
HalAdjustResourceList
HalSystemVectorDispatchEntry
READ_PORT_USHORT
IoSetPartitionInformation
HalAllProcessorsStarted
IoFlushAdapterBuffers
READ_PORT_UCHAR
KeRaiseIrqlToDpcLevel
HalRequestSoftwareInterrupt
KeRaiseIrqlToSynchLevel
HalGetEnvironmentVariable
IoReadPartitionTable
IoWritePartitionTable
HalGetBusData
HalSetTimeIncrement
HalFlushCommonBuffer
ExReleaseFastMutex
READ_PORT_USHORT
KfLowerIrql
ExReleaseFastMutex
IoFlushAdapterBuffers
HalStartProfileInterrupt
READ_PORT_UCHAR
READ_PORT_BUFFER_ULONG
HalRequestIpi
HalGetEnvironmentVariable
IoFreeMapRegisters
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ