Static task
static1
General
Target
5caa3403a56063b9e25d6e769f9c046d_JaffaCakes118
Size
42KB
MD5
5caa3403a56063b9e25d6e769f9c046d
SHA1
de06d4dd5e91d3f194fb4ea9dd77ef980f92f4d4
SHA256
3695f76dc1838b16939fbce40bdbab1c37ce840a8818c1a1948ec8df51d22b97
SHA512
8cf90e24555d3700363f834371075b323f3a3dc499b73994a36d9104e08ae2c5f88e76bee6be18e961f6f6233e86d774c36ccf4bd0f9db3a78b6eacee0a043d2
SSDEEP
768:EKU4jtb2OW2YqVdI2GV5e5ld+ld1hkBJ6:EKUY2p2VsnGds1hkC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5caa3403a56063b9e25d6e769f9c046d_JaffaCakes118
Files
5caa3403a56063b9e25d6e769f9c046d_JaffaCakes118.sys windows:5 windows x86 arch:x86
50a3caf5d64e4338386522784002be3c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
SeLockSubjectContext
IoGetCurrentProcess
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoWMIOpenBlock
ExAllocatePoolWithTag
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 256B - Virtual size: 218B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 30B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ