Static task
static1
General
Target: 5e23df4d430daff0f2a5dc0c08fdd9b2_JaffaCakes118
Size: 2KB
MD5: 5e23df4d430daff0f2a5dc0c08fdd9b2
SHA1: a7ad9f015984d9a75f93423230c559e350342de6
SHA256: 3c55ea5146b6871f70cc417b27e72900412eb518939821a53f54959278bed429
SHA512: c46799227a9821be6ab187eced35bf3604346e90ecd0598079d4863ccc7ccbd0b3889616761314a7a3a482b93ceb85d3d119352edb885301ddc3d78a447f0ccd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5e23df4d430daff0f2a5dc0c08fdd9b2_JaffaCakes118
Files
5e23df4d430daff0f2a5dc0c08fdd9b2_JaffaCakes118.sys windows:4 windows x86 arch:x86
43dd0aaea4fa34d4c7524c3ec172687e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePool
_stricmp
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwReadFile
ExAllocatePoolWithTag
ZwClose
ZwQueryInformationFile
ZwCreateFile
ExFreePool
ExFreePoolWithTag
memcpy
strcat
RtlFreeUnicodeString
ZwQuerySystemInformation
DbgPrint
strcpy
InterlockedExchange
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 480B - Virtual size: 452B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 96B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ