Static task
static1
General
Target: 60f7b10e538fb75e81e7d53171314c47_JaffaCakes118
Size: 47KB
MD5: 60f7b10e538fb75e81e7d53171314c47
SHA1: 16a2964a42475d4a76bb1f9752b37d6222cd853e
SHA256: f76c77b77443b62f9cfbe515b00222ed836f685aa86fe2d21066902d484af6d3
SHA512: 975c9ca00fe905fe6f5046f4f23e072d56777bf46335961874d209bfa3db6937aabe37c9c138fbf2017f232415a0b9306488af47c94d55f475d3664a78ba29b2
SSDEEP: 384:mS2lw7PMOfhQnDhI74XCMKV+K83J+IiZh3Ld2dV5n2v8UhL:sw7P/uI74yMKV8+XtQPn2v/
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 60f7b10e538fb75e81e7d53171314c47_JaffaCakes118
Files
60f7b10e538fb75e81e7d53171314c47_JaffaCakes118.sys windows:4 windows x86 arch:x86
2345b657737c4e6c074077541d62394c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlTraceDatabaseUnlock
ZwRestoreKey
NtVdmControl
RtlInsertElementGenericTable
ZwQueryVolumeInformationFile
MmMapMemoryDumpMdl
ZwUnloadDriver
FsRtlMdlReadComplete
NtAdjustPrivilegesToken
SePrivilegeObjectAuditAlarm
KeReadStateQueue
SeDeleteAccessState
Ke386IoSetAccessProcess
FsRtlMdlReadDev
RtlAddAccessAllowedAce
_itow
_vsnprintf
memchr
FsRtlSplitLargeMcb
FsRtlUninitializeFileLock
IoStartNextPacket
MmUnmapVideoDisplay
ZwCreateTimer
ZwCreateDirectoryObject
ZwQueryInformationToken
ExIsResourceAcquiredSharedLite
CcPrepareMdlWrite
NtAllocateUuids
_allshl
InbvCheckDisplayOwnership
RtlCharToInteger
RtlZeroHeap
IoRegisterFsRegistrationChange
KeRestoreFloatingPointState
InitSafeBootMode
InbvSetScrollRegion
MmForceSectionClosed
ZwUnloadDriver
KeI386MachineType
ZwYieldExecution
MmAdjustWorkingSetSize
RtlGetDaclSecurityDescriptor
RtlConvertUlongToLargeInteger
FsRtlLegalAnsiCharacterArray
LpcPortObjectType
_allshr
Kei386EoiHelper
Ke386QueryIoAccessMap
rand
RtlSelfRelativeToAbsoluteSD2
SeAccessCheck
IoCheckQuerySetVolumeInformation
ExfInterlockedPopEntryList
ExWindowStationObjectType
wcsncat
RtlInitializeSid
KeInitializeTimer
ObDereferenceObject
IoInitializeRemoveLockEx
KeInitializeTimer
isupper
SeAssignSecurityEx
IoGetStackLimits
PsRestoreImpersonation
RtlSelfRelativeToAbsoluteSD
CcMdlReadComplete
SeSetSecurityDescriptorInfo
RtlNumberGenericTableElements
KeSetTimeIncrement
FsRtlCheckLockForReadAccess
hal
KeRaiseIrqlToSynchLevel
HalClearSoftwareInterrupt
IoWritePartitionTable
KeGetCurrentIrql
KeQueryPerformanceCounter
KeReleaseSpinLock
HalGetEnvironmentVariable
KeAcquireQueuedSpinLock
HalReturnToFirmware
KeTryToAcquireQueuedSpinLock
HalSetTimeIncrement
HalGetEnvironmentVariable
HalAllocateCrashDumpRegisters
KeAcquireQueuedSpinLockRaiseToSynch
IoReadPartitionTable
HalHandleNMI
HalSystemVectorDispatchEntry
READ_PORT_BUFFER_USHORT
HalSetBusData
KeReleaseQueuedSpinLock
HalSystemVectorDispatchEntry
HalGetBusData
IoWritePartitionTable
KeStallExecutionProcessor
IoSetPartitionInformation
HalSetTimeIncrement
HalQueryRealTimeClock
HalInitSystem
HalReportResourceUsage
HalQueryRealTimeClock
ExReleaseFastMutex
KdComPortInUse
KfLowerIrql
KfReleaseSpinLock
HalSetProfileInterval
IoReadPartitionTable
KeAcquireQueuedSpinLockRaiseToSynch
KeAcquireQueuedSpinLockRaiseToSynch
IoWritePartitionTable
HalSystemVectorDispatchEntry
HalGetInterruptVector
KeAcquireSpinLockRaiseToSynch
WRITE_PORT_BUFFER_USHORT
KeStallExecutionProcessor
HalTranslateBusAddress
KeRaiseIrqlToSynchLevel
HalSetTimeIncrement
ExAcquireFastMutex
READ_PORT_USHORT
HalSetTimeIncrement
HalEndSystemInterrupt
ExReleaseFastMutex
READ_PORT_ULONG
ExReleaseFastMutex
ExReleaseFastMutex
KeStallExecutionProcessor
IoWritePartitionTable
HalSetDisplayParameters
HalSetProfileInterval
IoMapTransfer
HalSetProfileInterval
READ_PORT_BUFFER_ULONG
ExAcquireFastMutex
HalInitializeProcessor
IoSetPartitionInformation
IoFreeMapRegisters
HalAllProcessorsStarted
HalMakeBeep
KfAcquireSpinLock
KdComPortInUse
HalRequestIpi
HalEndSystemInterrupt
IoReadPartitionTable
HalSystemVectorDispatchEntry
IoFlushAdapterBuffers
IoReadPartitionTable
HalTranslateBusAddress
READ_PORT_ULONG
KeRaiseIrqlToDpcLevel
WRITE_PORT_UCHAR
HalReportResourceUsage
IoMapTransfer
HalAssignSlotResources
HalMakeBeep
KeFlushWriteBuffer
HalMakeBeep
HalAcquireDisplayOwnership
KfReleaseSpinLock
KeAcquireSpinLock
HalCalibratePerformanceCounter
HalHandleNMI
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ