Static task
static1
General
Target: 733d12e2242b69e9604e87d3932274ac_JaffaCakes118
Size: 35KB
MD5: 733d12e2242b69e9604e87d3932274ac
SHA1: b1eec4bd721dbb43cf50875c023d137e77690742
SHA256: 011118ef7440c11ce8534ea51512c5aab78945ab9176d76597de1592b81e1988
SHA512: 153f311c626dd617174d947cab8c637a4c0b263bff85c7ae307cc262f7a2242f6aefa3f7835cf1fe5c968bed736b21a4a094e599a8e9e1297ad97b3620845ed2
SSDEEP: 768:UbegKm/XyrDAIWsX93hSnVvX242IhD3Mg0AqO4mwERCouC72UZ:gxPirbsVOM6AMpER9UUZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 733d12e2242b69e9604e87d3932274ac_JaffaCakes118
Files
733d12e2242b69e9604e87d3932274ac_JaffaCakes118.sys windows:5 windows x86 arch:x86
ac694e00a2633d6bf820fd81450354a7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsCreateSystemThread
RtlInitUnicodeString
memcpy
RtlCompareUnicodeString
RtlFreeAnsiString
atoi
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
memset
ExAllocatePoolWithTag
ExFreePool
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 128B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 348B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 294B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ