Static task
static1
General
Target
4d918b672c0dd14c63cfe524fe6f9cd5_JaffaCakes118
Size
720KB
MD5
4d918b672c0dd14c63cfe524fe6f9cd5
SHA1
2de8012bebee053d4b102559d3cd8b8afb69e688
SHA256
06165948b3f2f69877775cb2c8c4b25cab6725aa82932a71a5b5c5d42ef39997
SHA512
b57f01c8661bd1d43a12768ae2c7fc81e9f6f06c608e7c95d9919bab0bd27732593e88832f759e8118fd54e0c95413067f26203085998e381333f4f2124ec181
SSDEEP
12288:3SQHsCA6yaw/4BWhRPYnzyxalDfLK/dmy1KF/Yytsk5cjKazKNcgxWQoAcPCcHC:3Cz6yT4GGap/dmyE+yak5cje8LxH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4d918b672c0dd14c63cfe524fe6f9cd5_JaffaCakes118
Files
4d918b672c0dd14c63cfe524fe6f9cd5_JaffaCakes118.sys windows:4 windows x86 arch:x86
0b0a950d345686d9c35352b53621c2e5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
KeSetEvent
IofCallDriver
ZwClose
ExFreePoolWithTag
RtlCompareMemory
PoStartNextPowerIrp
IoDetachDevice
KeCancelTimer
ExFreePool
ObReferenceObjectByHandle
KeSetTimer
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
KeInitializeMutex
IoReleaseRemoveLockAndWaitEx
ExDeleteNPagedLookasideList
IoAcquireCancelSpinLock
ZwCreateFile
MmProbeAndLockPages
KeSetPriorityThread
ZwQuerySystemInformation
Sections
.text Size: 318KB - Virtual size: 317KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 616B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 385KB - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ