Static task
static1
General
Target
4de802bf0f105175aecc46af722b4cf5_JaffaCakes118
Size
38KB
MD5
4de802bf0f105175aecc46af722b4cf5
SHA1
55a0613b10019ccb10949c7b9903ddd1727233ec
SHA256
58b3f6b8793d2a05adf51c8c84b0d28190178fa7c6fc1e0837d93c52f63ba33f
SHA512
f83cb531a4858332674716c796b389847b448847ace8c78593b6c68e44f64a493772aebb5a48fd84647bd1289ba54122fc5c80b512e345f7790446a9108a5464
SSDEEP
768:lJeDKRBe25CmfkUw+0anmYhkkofXOAMqkHG1mIO6yjalr6D3Vw0fWroXT8:lJyKRo6hkUw/alQYG1mfjwmrVw0fWrog
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4de802bf0f105175aecc46af722b4cf5_JaffaCakes118
Files
4de802bf0f105175aecc46af722b4cf5_JaffaCakes118.sys windows:5 windows x86 arch:x86
8b6b4f76a20b3a4878b17cb58e0a96ca
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoCreateNotificationEvent
InterlockedIncrement
ZwSetInformationThread
KeQuerySystemTime
_allrem
_alldiv
KeWaitForSingleObject
_aullrem
_aulldiv
ObfDereferenceObject
KeSetEvent
InterlockedExchange
InterlockedExchangeAdd
MmMapLockedPagesSpecifyCache
MmMapLockedPages
KeInitializeEvent
MmBuildMdlForNonPagedPool
IoAllocateMdl
InterlockedDecrement
KeClearEvent
_allmul
IofCompleteRequest
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
IoDeleteSymbolicLink
IoDeleteDevice
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
ZwEnumerateKey
ZwQueryValueKey
ExAllocatePoolWithTag
RtlQueryRegistryValues
ExFreePool
DbgPrint
KeInitializeSpinLock
RtlInitUnicodeString
ZwOpenKey
ZwCreateKey
RtlWriteRegistryValue
IoFreeMdl
ZwClose
hal
KfReleaseSpinLock
KeQueryPerformanceCounter
KfLowerIrql
KfRaiseIrql
KfAcquireSpinLock
ndis.sys
NdisAllocatePacketPoolEx
NdisCloseAdapter
NdisFreePacketPool
NdisAllocatePacketPool
NdisInitializeEvent
NdisFreePacket
NdisSetEvent
NdisResetEvent
NdisWaitEvent
NdisSystemProcessorCount
NdisRegisterProtocol
NdisDeregisterProtocol
NdisAllocateBuffer
NdisAllocatePacket
NdisAllocateMemory
NdisFreeMemory
NdisOpenAdapter
NdisUnchainBufferAtFront
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 800B - Virtual size: 796B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ