Static task
static1
General
Target: 4d955f4c6b2a6acba3797b7fe4d68fa1_JaffaCakes118
Size: 20KB
MD5: 4d955f4c6b2a6acba3797b7fe4d68fa1
SHA1: 181e0f35f387ce1135ac7434ab60515f6f92ab14
SHA256: cd6502890f46ef489a1b0419015bdc11a1eeeb8d8fd81a49f115fe356aee9faf
SHA512: 4ce055519b7c2f7f8e612aaf9f135875040bc0ef8c965be15d03efd64b75e480d1457ff2b05148d7330dd0a5ea590a10755eef4d85a077802a8d148a563faf69
SSDEEP: 384:7RrNiGCmfaTfYfmSCl3HlCujeJBAjMHsIpiKnE4T7pYF4u3UVaDwBt3oZSbMtGP6:dr+r7S1sIpiKE4T7pYF4u3UVaDwBt3oV
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 4d955f4c6b2a6acba3797b7fe4d68fa1_JaffaCakes118
Files
4d955f4c6b2a6acba3797b7fe4d68fa1_JaffaCakes118.sys windows:4 windows x86 arch:x86
Imphash: c4d745f092d18029936028b71236e768
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_stricmp
IoGetCurrentProcess
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ZwClose
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
RtlInitUnicodeString
strncmp
_except_handler3
ZwCreateFile
IofCompleteRequest
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
strstr
ZwQueryValueKey
ExFreePool
ZwCreateKey
wcscat
wcscpy
ExAllocatePoolWithTag
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
_snwprintf
ZwEnumerateKey
ZwWriteFile
_wcsnicmp
wcslen
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 902B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
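The "Unsigned PE" signature above and the section flags listed here are both plain PE-header checks, so they are easy to reproduce locally when a sandbox is not available. The script below is an added example written for this report; it is not Triage's code and does not use any bytes from the sample. It parses the DOS/NT/optional headers and section table by hand, reports whether the Authenticode data directory (index 4, IMAGE_DIRECTORY_ENTRY_SECURITY) is empty, decodes the file-characteristics bits exactly as the Headers block prints them, and flags any section that is both writable and executable. The input it runs on is a minimal PE32 header constructed in build_sample_pe() to mirror this sample's four sections (names, sizes and characteristics as listed above); the second, "signed" variant only pretends a certificate blob exists at file offset 0x1000 so the other branch is exercised.

```python
# Static PE triage: embedded Authenticode presence, file flags and W+X sections.
# Added example for this report, not Triage's code. The header parsed here is
# constructed to mirror the section layout shown above; no real sample bytes.
import struct

# Constants from winnt.h
IMAGE_DOS_SIGNATURE = 0x5A4D
IMAGE_NT_SIGNATURE = 0x00004550
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004
IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table

FILE_FLAG_NAMES = {
    IMAGE_FILE_EXECUTABLE_IMAGE: "IMAGE_FILE_EXECUTABLE_IMAGE",
    IMAGE_FILE_LINE_NUMS_STRIPPED: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    IMAGE_FILE_LOCAL_SYMS_STRIPPED: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    IMAGE_FILE_32BIT_MACHINE: "IMAGE_FILE_32BIT_MACHINE",
}

# (name, virtual size, raw size, characteristics): constructed to match the report's Sections block
PAGE_SECTIONS = [
    (b".text", 0x1400, 0x1400, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x3000, 0x3000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b"INIT", 902, 928, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE
     | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".reloc", 0x400, 0x400, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
]


def build_sample_pe(sections, signed=False):
    """Construct a minimal PE32 header (headers only, no section data) for offline testing."""
    opt_size = 224                                  # PE32 optional header incl. 16 data directories
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)         # e_lfanew -> NT headers right after the DOS header
    chars = (IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED
             | IMAGE_FILE_LOCAL_SYMS_STRIPPED | IMAGE_FILE_32BIT_MACHINE)
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections), 0, 0, 0, opt_size, chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    if signed:  # hypothetical WIN_CERTIFICATE blob at file offset 0x1000, 0x200 bytes long
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x200)
    va, table = 0x1000, b""
    for name, vsize, rsize, sc in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, rsize, 0, 0, 0, 0, 0, sc)
        va += (vsize + 0xFFF) & ~0xFFF              # next section on a 4 KiB boundary
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + bytes(opt) + table


def parse_pe(data):
    """Return file characteristics, data directories and section headers of a PE image."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, nt)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    fh = nt + 4
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    ndirs_off, dirs_off = {0x10B: (92, 96), 0x20B: (108, 112)}[magic]   # PE32 vs PE32+
    ndirs = min(struct.unpack_from("<I", data, opt + ndirs_off)[0], 16)
    dirs = [struct.unpack_from("<II", data, opt + dirs_off + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, *_, sc = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "va": va,
                         "rsize": rsize, "characteristics": sc})
    return {"characteristics": chars, "directories": dirs, "sections": sections}


def file_flag_names(chars):
    """Decode IMAGE_FILE_* bits into the names the report's Headers block prints."""
    return [name for bit, name in sorted(FILE_FLAG_NAMES.items()) if chars & bit]


def triage(data):
    """Reproduce the 'Unsigned PE' check and flag writable+executable sections."""
    pe = parse_pe(data)
    findings = []
    dirs = pe["directories"]
    # The security directory's first field is a raw file offset, not an RVA; size 0 means no embedded cert.
    if len(dirs) <= IMAGE_DIRECTORY_ENTRY_SECURITY or dirs[IMAGE_DIRECTORY_ENTRY_SECURITY][1] == 0:
        findings.append("unsigned_pe")
    for s in pe["sections"]:
        c = s["characteristics"]
        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
            findings.append("wx_section:" + s["name"])
    return findings


if __name__ == "__main__":
    for signed in (False, True):
        print("signed" if signed else "unsigned", triage(build_sample_pe(PAGE_SECTIONS, signed)))
```

Two caveats when reading the results. An empty security directory only proves there is no embedded Authenticode blob: drivers shipped with Windows are usually catalog-signed and show the same empty directory, and a non-empty directory says nothing about whether the certificate chain is valid (run `signtool verify /v /kp` or `Get-AuthenticodeSignature` for that). Likewise, a writable and executable INIT section is the normal layout for WDK-built drivers, so on its own it is a baseline observation rather than an indicator; the import list above is the more useful lead, since KeServiceDescriptorTable is exported precisely so that code can locate the system service table and PsSetCreateProcessNotifyRoutine registers a process-creation callback.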