Static task
static1
General
Target: 630dc38c25e842c9e53949fe58d0d6a2_JaffaCakes118
Size: 5KB
MD5: 630dc38c25e842c9e53949fe58d0d6a2
SHA1: 740d45525d8daa66baaf503ef658535ac5084863
SHA256: c044fd3a33e186b2443e84aaa02c29a49c48cc8ca2c518aa4e7bf2ade148e491
SHA512: 4678713608ec0129d8dade8c3613dbda9d4aae5d1766be86a27f97b6308b1101a8a1b9aed6daa6194e93fe784fbf7c109851200dcb4ad6e53bfc925edb2af6cf
SSDEEP: 96:t5TaOtdS6GVfJA8nBTji4ta1qii7GH5gjmdNofzgrJ:39sSaT24cqiXyjmILgr
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 630dc38c25e842c9e53949fe58d0d6a2_JaffaCakes118
Files
630dc38c25e842c9e53949fe58d0d6a2_JaffaCakes118.sys windows:4 windows x86 arch:x86
508b302c4dce1c22628e50883232f1b7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoGetDeviceObjectPointer
ObDereferenceObject
ObReferenceObjectByName
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwAccessCheckAndAuditAlarm
ZwAdjustPrivilegesToken
ZwAlertThread
ZwAllocateVirtualMemory
ZwCancelIoFile
ZwCancelTimer
ZwClearEvent
ZwClose
ZwCloseObjectAuditAlarm
ZwConnectPort
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateKey
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwCreateTimer
IoGetCurrentProcess
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDisplayString
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushInstructionCache
ZwFlushKey
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwOpenKey
ZwQueryDirectoryFile
ZwQuerySystemInformation
ZwSetValueKey
ZwTerminateProcess
ZwYieldExecution
KeServiceDescriptorTable
IoDriverObjectType
IoCallDriver
ZwDeleteFile
IoBuildDeviceIoControlRequest
ndis.sys
NdisRegisterProtocol
NdisDeregisterProtocol
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 320B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 288B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 448B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ