Static task: static1
General
Target: 6636ceb4f50ac93852eab7d9a24a9d70_JaffaCakes118
Size: 46KB
MD5: 6636ceb4f50ac93852eab7d9a24a9d70
SHA1: 3f6e40e7a5fe1fa36f86aeb6f9ec834cbb82d9a0
SHA256: 78eafd0de831ebe7cafd1613d15208d18724826fa2c98b6ff08ff4e23d3b9f76
SHA512: be1a06724131e2d203ef73e27497f9c28f50028222f226b2541169c23db38e291135559bcb923bc704309f51e399f614f08e05c5c637c1a4c4502f6928629a9d
SSDEEP: 384:CKKBAfGZF1HXGBlFbdGJrMgd7T8hKJbUp2KJpSEMdQI8IPiYJq6zbvbTfb:CKWjZF1HudGqgN8WUsKlyQJq
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 6636ceb4f50ac93852eab7d9a24a9d70_JaffaCakes118
Files
6636ceb4f50ac93852eab7d9a24a9d70_JaffaCakes118.sys (windows:4, windows x86, arch:x86)
98bd0f8b9b2d6a7ce2f7026072566905
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PoRequestPowerIrp
HalDispatchTable
WRITE_REGISTER_ULONG
InbvIsBootDriverInstalled
NtQueryInformationFile
wcscmp
KeSetEvent
RtlDeleteOwnersRanges
NtQueryInformationFile
KiIpiServiceRoutine
IoInitializeRemoveLockEx
RtlInvertRangeList
RtlSetSaclSecurityDescriptor
ZwQuerySection
NlsOemCodePage
RtlNextUnicodePrefix
RtlGetDefaultCodePage
IoSetShareAccess
RtlUshortByteSwap
SeSetSecurityDescriptorInfo
RtlInitializeGenericTable
RtlUpcaseUnicodeStringToCountedOemString
MmSetAddressRangeModified
FsRtlGetNextFileLock
FsRtlInitializeMcb
_snwprintf
RtlLargeIntegerShiftRight
IoCheckQuerySetFileInformation
RtlAddAce
vsprintf
KeProfileInterruptWithSource
DbgLoadImageSymbols
LsaCallAuthenticationPackage
KePulseEvent
ZwSetInformationThread
READ_REGISTER_UCHAR
MmMapLockedPages
FsRtlUninitializeOplock
ZwQuerySecurityObject
IoSetTopLevelIrp
LsaRegisterLogonProcess
IoCreateUnprotectedSymbolicLink
ZwSetInformationThread
ZwOpenThreadToken
IoGetStackLimits
RtlStringFromGUID
InbvSolidColorFill
MmSecureVirtualMemory
IoWMIWriteEvent
MmAdjustWorkingSetSize
FsRtlIsDbcsInExpression
IoAttachDeviceByPointer
KeFindConfigurationEntry
NtUnlockFile
LpcRequestWaitReplyPort
FsRtlIsNtstatusExpected
ZwQuerySecurityObject
IoFastQueryNetworkAttributes
LpcPortObjectType
FsRtlFastUnlockAllByKey
ZwDuplicateObject
KeI386GetLid
RtlFindClearBitsAndSet
MmSecureVirtualMemory
MmSystemRangeStart
CcGetFileObjectFromSectionPtrs
NlsLeadByteInfo
wcsncat
PsEstablishWin32Callouts
RtlQueryRegistryValues
RtlEnlargedIntegerMultiply
atoi
MmFreeContiguousMemorySpecifyCache
SeLockSubjectContext
RtlUnicodeToCustomCPN
KdDisableDebugger
KeSetKernelStackSwapEnable
ObOpenObjectByPointer
READ_REGISTER_BUFFER_USHORT
LsaCallAuthenticationPackage
SeImpersonateClientEx
FsRtlDoesNameContainWildCards
MmMapViewInSessionSpace
RtlMergeRangeLists
KeInitializeTimer
ZwFreeVirtualMemory
RtlLargeIntegerSubtract
KeInitializeSemaphore
KeI386AllocateGdtSelectors
ZwDuplicateToken
HalPrivateDispatchTable
DbgBreakPoint
MmPageEntireDriver
ObfReferenceObject
RtlAnsiCharToUnicodeChar
IoUnregisterShutdownNotification
ZwSetInformationFile
ZwQueryVolumeInformationFile
RtlUpcaseUnicodeToOemN
RtlInsertUnicodePrefix
ExInitializeResourceLite
ExGetExclusiveWaiterCount
SePublicDefaultDacl
KeStackAttachProcess
CcGetFlushedValidData
KiDeliverApc
KeRemoveEntryDeviceQueue
RtlUlongByteSwap
CcDeferWrite
RtlCreateHeap
ExInterlockedIncrementLong
IoCheckQuerySetVolumeInformation
KeLoaderBlock
IoGetDeviceObjectPointer
READ_REGISTER_USHORT
ObfDereferenceObject
NtDeviceIoControlFile
ZwSetInformationProcess
RtlUlonglongByteSwap
ZwDeleteFile
ZwOpenEvent
RtlUnicodeStringToOemSize
ExInitializeZone
ObGetObjectSecurity
KeReleaseMutex
LpcRequestPort
FsRtlLegalAnsiCharacterArray
RtlVolumeDeviceToDosName
FsRtlAreNamesEqual
RtlCharToInteger
CcGetFileObjectFromBcb
ExfInterlockedInsertTailList
RtlPrefixString
IoIsWdmVersionAvailable
Sections
.text - Size: 40KB - Virtual size: 40KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc - Size: 1024B - Virtual size: 1024B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
INIT - Size: 128B - Virtual size: 128B - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata - Size: 4KB - Virtual size: 4KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 32B - Virtual size: 32B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ