Static task
static1
General
-
Target
5fd8736b7966d073ff97e214a81f3887_JaffaCakes118
-
Size
41KB
-
MD5
5fd8736b7966d073ff97e214a81f3887
-
SHA1
8fc7978a654dc2c8952811c1e1fbddd2dab67f5e
-
SHA256
b5d39313fe471787cc495e1c9797d53b1015a023a390281f82667b528676feec
-
SHA512
fee0bdb269d622d28a83d8de5086dd8d6f8b5270618e1687db6e026e932b3e85ac2c58777630447d4d59c3de68e373e533f1dec4e191a0e22940adba6c871250
-
SSDEEP
768:MNQ65/n3+sjvWnr7cChA9sTlTj0ZF2RYMn4fZkxejTpfPyZF5XXhDRmXLKKo9mb6:MC6l3+sjQRhmQln0ZMRYnZ4KpGXXhtaR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags the PE as unsigned: no Authenticode signature was found on the file. (Note: the sample is a 32-bit x86 kernel-mode driver — a `.sys` importing only from `ntoskrnl.exe` — and on 32-bit Windows the absence of a signature does not by itself prevent it from loading.)
resource 5fd8736b7966d073ff97e214a81f3887_JaffaCakes118
Files
-
5fd8736b7966d073ff97e214a81f3887_JaffaCakes118.sys windows:4 windows x86 arch:x86
a2816d1f132e02d74c99a99f9f8c84c5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwSetValueKey
wcslen
strncpy
IoGetCurrentProcess
ZwClose
ZwCreateFile
RtlInitUnicodeString
swprintf
ZwSetInformationFile
wcscpy
wcsstr
_wcslwr
ObReferenceObjectByHandle
KeTickCount
KeQueryTimeIncrement
_stricmp
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
_snwprintf
ExAllocatePoolWithTag
strncmp
RtlCopyUnicodeString
MmIsAddressValid
KeQuerySystemTime
ZwDeleteKey
ZwQueryValueKey
ZwOpenKey
RtlCompareUnicodeString
wcsncpy
PsGetVersion
_wcsicmp
wcsrchr
ObfDereferenceObject
_wcsnicmp
wcscat
_except_handler3
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateKey
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
PsCreateSystemThread
PsLookupProcessByProcessId
IoDeviceObjectType
ExFreePool
_snprintf
wcschr
KeDelayExecutionThread
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 67B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ