Static task
static1
General
Target
6a10f4fdba836ee924c7369c767ac219_JaffaCakes118
Size
765KB
MD5
6a10f4fdba836ee924c7369c767ac219
SHA1
7637a1adcb02d68d9a22f9d40c4f3ce141bd9953
SHA256
b4998370a7652b6df0671c5925cce8f9ca3f28c268b32701bd833a353b5c6cfa
SHA512
fddc7270005c709dfb06bc94b807da46eb0d3687e9096bfb853c484b22d0667113398e8462d073dc892a95db05427f757b04fb67aa56230df04d143546081491
SSDEEP
12288:BpN1Xz1A+s33YT8cglZsKeTARyX53OhJavlhcy6LUHH/ceHTq4fuUoU3bvAaFwxp:DTzZuYbayAU5+hJa9ey6UHfhzq4PU
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 6a10f4fdba836ee924c7369c767ac219_JaffaCakes118
Files
6a10f4fdba836ee924c7369c767ac219_JaffaCakes118.sys windows:4 windows x86 arch:x86
bba01f9556181b53f944c3b71bb8cbff
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
IoInitializeTimer
strncpy
RtlFindLongestRunClear
RtlFindRange
KeReadStateEvent
LpcRequestWaitReplyPort
RtlFindClearRuns
ExReleaseFastMutexUnsafe
SeSetAccessStateGenericMapping
KeBugCheckEx
ExFreeToPagedLookasideList
RtlIsGenericTableEmpty
ZwSetEaFile
CcPurgeCacheSection
PsAssignImpersonationToken
IoPageRead
IoInvalidateDeviceState
LdrEnumResources
CcGetFileObjectFromBcb
ExAcquireResourceExclusiveLite
KeProfileInterruptWithSource
_wcsupr
ZwSetInformationThread
RtlAnsiStringToUnicodeSize
_strlwr
ExfInterlockedAddUlong
RtlSubtreeSuccessor
PoUnregisterSystemState
NtCreateSection
SeLockSubjectContext
KdPollBreakIn
IoIsFileOriginRemote
RtlAbsoluteToSelfRelativeSD
FsRtlGetNextLargeMcbEntry
MmUserProbeAddress
ZwMapViewOfSection
PsReferenceImpersonationToken
ZwCreateDirectoryObject
ExEventObjectType
READ_REGISTER_USHORT
ExDisableResourceBoostLite
RtlAnsiStringToUnicodeString
IoCreateDevice
RtlSelfRelativeToAbsoluteSD2
IoGetRequestorProcess
RtlPinAtomInAtomTable
KeQuerySystemTime
RtlOemStringToUnicodeString
ZwSetInformationProcess
RtlUpcaseUnicodeStringToAnsiString
CcScheduleReadAhead
IoFreeController
RtlCreateUnicodeString
srand
IoQueryDeviceDescription
MmAddPhysicalMemory
ExInterlockedExchangeUlong
MmUnmapViewInSystemSpace
IoBuildAsynchronousFsdRequest
FsRtlPrivateLock
RtlImageNtHeader
CcUnpinRepinnedBcb
IoAttachDevice
SeQuerySecurityDescriptorInfo
FsRtlIsDbcsInExpression
MmMapMemoryDumpMdl
atol
KeSetTimerEx
IoGetDriverObjectExtension
ZwOpenEvent
IoGetInitialStack
FsRtlAllocatePoolWithQuotaTag
ExIsProcessorFeaturePresent
KeRundownQueue
ExRaiseHardError
CcDeferWrite
RtlEnlargedUnsignedDivide
ZwConnectPort
MmGetPhysicalMemoryRanges
IoDeleteController
LpcPortObjectType
ExReinitializeResourceLite
IoReportResourceForDetection
IoCreateSymbolicLink
ZwDuplicateToken
KeInsertDeviceQueue
RtlQueryTimeZoneInformation
Sections
.text Size: 349KB - Virtual size: 349KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 402KB - Virtual size: 401KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ