Static task
static1
General
Target: 709f8406e8dd3b2e9bc5c2033f69d1fa_JaffaCakes118
Size: 96KB
MD5: 709f8406e8dd3b2e9bc5c2033f69d1fa
SHA1: c9c0132a1ddfb27cead2113de2e6629904c8db16
SHA256: c1957c0a0efb40aa4eb87826e8bf9dad500a5ca2d5835fe7372fc97f430daa3f
SHA512: 5b39c85a71be767399b1daa79da1b3561a89cc42cfee0e745d48e1ae30a236dd38d2ebb220b84a26d5fd80d6c81973ca448a8fc3aa37aec7130f6bfb24628059
SSDEEP: 1536:kBoGFGE1szrPAJuTCJtF6FOBzmoZNB1/D65l1wD5pxjwCJtF6F:ahxszrPpKtF6qqEN/O1I5pxjPtF6
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 709f8406e8dd3b2e9bc5c2033f69d1fa_JaffaCakes118
Files
709f8406e8dd3b2e9bc5c2033f69d1fa_JaffaCakes118.sys windows:5 windows x86 arch:x86
3a0334333f6e1fb74bf51762b321d4d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmUnlockPagableImageSection
RtlFreeUnicodeString
IoAllocateDriverObjectExtension
KeSetEvent
memmove
_allshl
KeReleaseMutex
KeWaitForSingleObject
KeInitializeEvent
IoQueueWorkItem
IofCompleteRequest
IoFreeWorkItem
IoAllocateWorkItem
_aullshr
KeTickCount
ZwCreateKey
ZwOpenKey
KeBugCheckEx
KeInitializeSpinLock
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
MmLockPagableDataSection
_allshr
IoSetHardErrorOrVerifyDevice
IoSetStartIoAttributes
IoGetAttachedDeviceReference
ObfDereferenceObject
IoGetDriverObjectExtension
sprintf
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeMutex
IoStartPacket
RtlWriteRegistryValue
IoOpenDeviceRegistryKey
RtlQueryRegistryValues
ZwClose
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateIrp
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFreeIrp
ExAllocatePoolWithTag
IoBuildAsynchronousFsdRequest
ExFreePoolWithTag
IofCallDriver
IoGetConfigurationInformation
IoWMIRegistrationControl
RtlInitUnicodeString
WmiQueryTraceInformation
WmiTraceMessage
_allmul
IoStartNextPacket
hal
KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql
classpnp.sys
ClassDeviceControl
ClassSpinDownPowerHandler
ClassInitialize
ClassDeleteSrbLookasideList
ClassResetMediaChangeTimer
ClassGetDriverExtension
ClassInitializeSrbLookasideList
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassSetDeviceParameter
ClassScanForSpecial
ClassReleaseQueue
ClassInterpretSenseInfo
ClassBuildRequest
ClassSplitRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassUpdateInformationInRegistry
ClassIoComplete
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendDeviceIoControlSynchronous
ClassAsynchronousCompletion
ClassSendStartUnit
ClassAcquireRemoveLockEx
ClassReleaseRemoveLock
ClassCompleteRequest
ClassFindModePage
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHIT2 Size: 128B - Virtual size: 101B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHITA Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGETOSH Size: 640B - Virtual size: 526B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 384B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ