Static task
static1
General
-
Target
732c6a8e6da09d9d09456fec1fed6ab9_JaffaCakes118
-
Size
40KB
-
MD5
732c6a8e6da09d9d09456fec1fed6ab9
-
SHA1
378431cd1f5ffab46359d71a28b17193d1b03665
-
SHA256
2fc87d312686c4626cf0b56fee87750ffb51296b24cab1577caabe215fe3ba18
-
SHA512
b7d23c90cbe28caba1bdaa563f3218dee17e7eee0520e6b186202a91978c80e75e558986983270de39de18f8788e4950e7fbdee6db1878b9357f30e2ba4482b7
-
SSDEEP
768:0oX5YCm9i7vo6ovsmjNPifoxd2qNEEF72LX3vheQ76tp7q5WuqltBY9+wzw7Xigs:0oX5YCH7vo60sm6oxd2q1F72zi/+5WP0
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The sandbox's static check found no Authenticode signature on this PE file.
resource 732c6a8e6da09d9d09456fec1fed6ab9_JaffaCakes118
Files
-
732c6a8e6da09d9d09456fec1fed6ab9_JaffaCakes118.sys windows:4 windows x86 arch:x86
fce24d699332d9a96aeeb164f92a00e2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoRegisterDriverReinitialization
ObfDereferenceObject
ZwClose
ZwSetInformationFile
ZwCreateFile
RtlInitUnicodeString
wcslen
wcscpy
swprintf
IofCompleteRequest
ObReferenceObjectByHandle
ZwSetValueKey
MmIsAddressValid
wcsncpy
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
ZwOpenKey
_except_handler3
ExFreePool
_snprintf
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IoDeviceObjectType
_stricmp
wcsstr
_wcslwr
ZwCreateKey
strncpy
PsLookupProcessByProcessId
RtlCopyUnicodeString
PsCreateSystemThread
_wcsicmp
wcsrchr
wcscat
strncmp
RtlCompareUnicodeString
PsSetCreateProcessNotifyRoutine
_wcsnicmp
KeDelayExecutionThread
KeQuerySystemTime
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snwprintf
wcschr
ZwDeleteKey
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 58B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ