Static task
static1
General
-
Target
661253b48994a978083797d6c7d7ba79_JaffaCakes118
-
Size
40KB
-
MD5
661253b48994a978083797d6c7d7ba79
-
SHA1
d575890bb91581205a77c055549543ba956c0600
-
SHA256
78895760d4dd10e4db59e69aa5cf17715190c21259bfb66a8ef3aa4bf5f19578
-
SHA512
5b447a9d6c0fa63d951071002314494a3a077f22c873d5f19477da401742d275cda714d2a8d5e93a7f1863d33db813f5eeb72fbe5fac22af7b64349da597d5be
-
SSDEEP
768:imKgzZ/JWhWR5VMP0e7d8t1X6oZPCTQWsY+OPj7eqOm/+tb9HDDgZEbwBSPeHMfm:zKiZ/JWhk2P0o8P60PCsNmj7eqOm/+zG
Malware Config
Signatures
-
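Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the resource listed below has none. This is a static finding: it reports only that no signature is present, not whether the file is malicious.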
resource 661253b48994a978083797d6c7d7ba79_JaffaCakes118
Files
-
661253b48994a978083797d6c7d7ba79_JaffaCakes118.sys windows:4 windows x86 arch:x86
57550390f67985416ffe243a8b97cff0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
_wcsnicmp
wcslen
ObfDereferenceObject
ZwClose
swprintf
ZwOpenKey
RtlInitUnicodeString
PsSetCreateProcessNotifyRoutine
KeTickCount
KeQueryTimeIncrement
_stricmp
wcsstr
_wcslwr
_snwprintf
ExAllocatePoolWithTag
ZwSetValueKey
ObReferenceObjectByHandle
_wcsicmp
wcsncpy
wcsrchr
wcschr
strncpy
PsLookupProcessByProcessId
KeQuerySystemTime
strncmp
ExFreePool
wcscat
wcscpy
ZwQueryValueKey
_except_handler3
MmIsAddressValid
RtlAnsiStringToUnicodeString
ZwCreateFile
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snprintf
MmGetSystemRoutineAddress
ZwDeleteKey
IoGetCurrentProcess
RtlCopyUnicodeString
PsGetVersion
IoDeviceObjectType
RtlCompareUnicodeString
KeDelayExecutionThread
IoRegisterDriverReinitialization
PsCreateSystemThread
ZwCreateKey
ZwSetInformationFile
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 80B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ