Static task
static1
General
-
Target
66ebf0629002e7e3b7b83a7af124b379_JaffaCakes118
-
Size
40KB
-
MD5
66ebf0629002e7e3b7b83a7af124b379
-
SHA1
6cdfd4ee0552d03b00a99cec8b3bef686a8cb064
-
SHA256
d9ce7307b01eaf08c2c6bb7c2ec4fa9658a35369cec11c04d6278398f2458b03
-
SHA512
75774ce78386355a17fb0ef77a89240f7018fa24278a10f0693308909dfc40bece686a11abc7f12f2a5480944e7aeb7564aa8c3f203b97d91e6fd749633777ed
-
SSDEEP
768:Z6qoPieO196QwzYIwC7/9yI8Ni/66JDAGq6NB92Jkw87q97DSYTSCeKIUDVkgP75:cZQwWi/66JDv9NKA7q97DVtVxPT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 66ebf0629002e7e3b7b83a7af124b379_JaffaCakes118
Files
-
66ebf0629002e7e3b7b83a7af124b379_JaffaCakes118.sys windows:4 windows x86 arch:x86
72f1580f9548823921cdd604f7e5bedd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
IoGetCurrentProcess
ZwClose
ZwCreateFile
RtlInitUnicodeString
swprintf
ObfDereferenceObject
_wcsnicmp
wcslen
MmGetSystemRoutineAddress
RtlCompareUnicodeString
ZwQueryValueKey
ExFreePool
ExAllocatePoolWithTag
PsLookupProcessByProcessId
_stricmp
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
strncmp
ZwOpenKey
ZwSetInformationFile
wcscpy
ZwSetValueKey
_except_handler3
PsCreateSystemThread
ObReferenceObjectByHandle
MmIsAddressValid
wcsncpy
wcsrchr
PsGetVersion
wcsstr
_wcslwr
KeTickCount
KeQueryTimeIncrement
wcscat
_wcsicmp
_snwprintf
IoRegisterDriverReinitialization
IoDeviceObjectType
_snprintf
ZwDeleteKey
wcschr
RtlCopyUnicodeString
KeDelayExecutionThread
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwCreateKey
RtlAnsiStringToUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 61B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ