Static task
static1
General
Target
64dda10e64bb3e4d7fc41211f0e35da4_JaffaCakes118
Size
47KB
MD5
64dda10e64bb3e4d7fc41211f0e35da4
SHA1
b08f0ef8c4fad99ddecdeab85b1fbfba8284c0e6
SHA256
50a439346f259e2ad297b979bf4a9c362c5e6aa4640e76d743ad0d0414c19707
SHA512
5248939310959336be5689ba384d4f6209eed7b797d87cd82eb24f802068dfa7f8f291769c558bb5871bd1ac536167300b4b2dd070814945bf943bfeeb56eb2b
SSDEEP
384:1pCNQDO+szC+OKkSNxKYYhU9RkPv1GLLd2dsrb5n2v8UhL:1pRtszC+OKrxK5CbIv4Qsrtn2v/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 64dda10e64bb3e4d7fc41211f0e35da4_JaffaCakes118
Files
64dda10e64bb3e4d7fc41211f0e35da4_JaffaCakes118.sys windows:4 windows x86 arch:x86
2345b657737c4e6c074077541d62394c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlTraceDatabaseUnlock
ZwRestoreKey
NtVdmControl
RtlInsertElementGenericTable
ZwQueryVolumeInformationFile
MmMapMemoryDumpMdl
ZwUnloadDriver
FsRtlMdlReadComplete
NtAdjustPrivilegesToken
SePrivilegeObjectAuditAlarm
KeReadStateQueue
SeDeleteAccessState
Ke386IoSetAccessProcess
FsRtlMdlReadDev
RtlAddAccessAllowedAce
_itow
_vsnprintf
memchr
FsRtlSplitLargeMcb
FsRtlUninitializeFileLock
IoStartNextPacket
MmUnmapVideoDisplay
ZwCreateTimer
ZwCreateDirectoryObject
ZwQueryInformationToken
ExIsResourceAcquiredSharedLite
CcPrepareMdlWrite
NtAllocateUuids
_allshl
InbvCheckDisplayOwnership
RtlCharToInteger
RtlZeroHeap
IoRegisterFsRegistrationChange
KeRestoreFloatingPointState
InitSafeBootMode
InbvSetScrollRegion
MmForceSectionClosed
ZwUnloadDriver
KeI386MachineType
ZwYieldExecution
MmAdjustWorkingSetSize
RtlGetDaclSecurityDescriptor
RtlConvertUlongToLargeInteger
FsRtlLegalAnsiCharacterArray
LpcPortObjectType
_allshr
Kei386EoiHelper
Ke386QueryIoAccessMap
rand
RtlSelfRelativeToAbsoluteSD2
SeAccessCheck
IoCheckQuerySetVolumeInformation
ExfInterlockedPopEntryList
ExWindowStationObjectType
wcsncat
RtlInitializeSid
KeInitializeTimer
ObDereferenceObject
IoInitializeRemoveLockEx
KeInitializeTimer
isupper
SeAssignSecurityEx
IoGetStackLimits
PsRestoreImpersonation
RtlSelfRelativeToAbsoluteSD
CcMdlReadComplete
SeSetSecurityDescriptorInfo
RtlNumberGenericTableElements
KeSetTimeIncrement
FsRtlCheckLockForReadAccess
hal
KeRaiseIrqlToSynchLevel
HalClearSoftwareInterrupt
IoWritePartitionTable
KeGetCurrentIrql
KeQueryPerformanceCounter
KeReleaseSpinLock
HalGetEnvironmentVariable
KeAcquireQueuedSpinLock
HalReturnToFirmware
KeTryToAcquireQueuedSpinLock
HalSetTimeIncrement
HalGetEnvironmentVariable
HalAllocateCrashDumpRegisters
KeAcquireQueuedSpinLockRaiseToSynch
IoReadPartitionTable
HalHandleNMI
HalSystemVectorDispatchEntry
READ_PORT_BUFFER_USHORT
HalSetBusData
KeReleaseQueuedSpinLock
HalSystemVectorDispatchEntry
HalGetBusData
IoWritePartitionTable
KeStallExecutionProcessor
IoSetPartitionInformation
HalSetTimeIncrement
HalQueryRealTimeClock
HalInitSystem
HalReportResourceUsage
HalQueryRealTimeClock
ExReleaseFastMutex
KdComPortInUse
KfLowerIrql
KfReleaseSpinLock
HalSetProfileInterval
IoReadPartitionTable
KeAcquireQueuedSpinLockRaiseToSynch
KeAcquireQueuedSpinLockRaiseToSynch
IoWritePartitionTable
HalSystemVectorDispatchEntry
HalGetInterruptVector
KeAcquireSpinLockRaiseToSynch
WRITE_PORT_BUFFER_USHORT
KeStallExecutionProcessor
HalTranslateBusAddress
KeRaiseIrqlToSynchLevel
HalSetTimeIncrement
ExAcquireFastMutex
READ_PORT_USHORT
HalSetTimeIncrement
HalEndSystemInterrupt
ExReleaseFastMutex
READ_PORT_ULONG
ExReleaseFastMutex
ExReleaseFastMutex
KeStallExecutionProcessor
IoWritePartitionTable
HalSetDisplayParameters
HalSetProfileInterval
IoMapTransfer
HalSetProfileInterval
READ_PORT_BUFFER_ULONG
ExAcquireFastMutex
HalInitializeProcessor
IoSetPartitionInformation
IoFreeMapRegisters
HalAllProcessorsStarted
HalMakeBeep
KfAcquireSpinLock
KdComPortInUse
HalRequestIpi
HalEndSystemInterrupt
IoReadPartitionTable
HalSystemVectorDispatchEntry
IoFlushAdapterBuffers
IoReadPartitionTable
HalTranslateBusAddress
READ_PORT_ULONG
KeRaiseIrqlToDpcLevel
WRITE_PORT_UCHAR
HalReportResourceUsage
IoMapTransfer
HalAssignSlotResources
HalMakeBeep
KeFlushWriteBuffer
HalMakeBeep
HalAcquireDisplayOwnership
KfReleaseSpinLock
KeAcquireSpinLock
HalCalibratePerformanceCounter
HalHandleNMI
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ