Static task
static1
General
-
Target
5c4767741acb7c9fd189722587a7b95f_JaffaCakes118
-
Size
40KB
-
MD5
5c4767741acb7c9fd189722587a7b95f
-
SHA1
0fcc5fb48621961d22b491eef2463c8c15691eeb
-
SHA256
3c2255e4cf736855d7a74646b2a52b429a46bcccc57b46937830b9fa7b934c12
-
SHA512
a24a0fbedfc6f0b427a43a04df4b2336940c8e16b4f783e3345ce524165342ff988abd2fb92bb1fbd5dd3344a2ec824e01524c4c9f779cebc820e79fc03f29ca
-
SSDEEP
768:2nKCLcyBedEhd8qCOnDqWkqmiFMrKZ2W+NHJA9RGbB3n3+pnEh4oIA2:2nnjBUcAwD9gyh+NHWA3nupne
Malware Config (none extracted for this sample)
Signatures
-
Unsigned PE (1 IoC)
The file carries no Authenticode signature. Note that this is a kernel-mode driver (.sys, x86 — see Files below): an unsigned driver cannot be loaded on 64-bit Windows with Driver Signature Enforcement active, but this check alone does not block loading on 32-bit systems, so the finding is a hint about provenance rather than proof of malicious behavior.
resource 5c4767741acb7c9fd189722587a7b95f_JaffaCakes118
Files
-
5c4767741acb7c9fd189722587a7b95f_JaffaCakes118.sys windows:4 windows x86 arch:x86
fa1486301b414b3476d9aa3ea94c7eb8 (unlabeled 32-hex digest; in this report layout it is most likely the import hash — confirm against the tool's schema before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (all resolved from ntoskrnl.exe, consistent with a kernel-mode driver; of note in the list below are registry write/delete APIs (ZwCreateKey, ZwSetValueKey, ZwDeleteKey), a process-creation callback (PsSetCreateProcessNotifyRoutine), system-thread creation (PsCreateSystemThread), run-time symbol resolution (MmGetSystemRoutineAddress), file creation (ZwCreateFile/ZwSetInformationFile) and a user-mode control interface (IoCreateDevice/IoCreateSymbolicLink) — the presence of these imports shows capability, not how or whether they are used)
ntoskrnl.exe
MmIsAddressValid
ZwClose
ZwDeleteKey
swprintf
ZwOpenKey
RtlInitUnicodeString
wcsstr
_wcslwr
ZwSetValueKey
wcslen
_wcsicmp
wcsncpy
wcsrchr
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
wcscat
wcscpy
ZwQueryValueKey
_except_handler3
KeDelayExecutionThread
KeQuerySystemTime
RtlCompareUnicodeString
PsCreateSystemThread
PsGetVersion
MmGetSystemRoutineAddress
ObReferenceObjectByHandle
IoDeviceObjectType
IoRegisterDriverReinitialization
_wcsnicmp
IoGetCurrentProcess
ZwCreateKey
strncmp
ZwSetInformationFile
ZwCreateFile
KeTickCount
KeQueryTimeIncrement
_stricmp
_snwprintf
strncpy
_snprintf
PsLookupProcessByProcessId
RtlCopyUnicodeString
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcschr
IofCompleteRequest
RtlAnsiStringToUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 64B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB (flagged writable + executable + discardable below; this is the conventional MSVC layout for driver initialization code that is discarded after DriverEntry and is not by itself an indicator)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ