Static task
static1
General
Target
821eb01b643f1791ef272f5a82af4c45_JaffaCakes118
Size
48KB
MD5
821eb01b643f1791ef272f5a82af4c45
SHA1
651d3bb6ebd2aae8b6e32e394f81d8403f049ce6
SHA256
d35f5d924dfe42ffc3c7292e6699414972f5591ee6aec7413de951c21c572316
SHA512
58fb081e6e2f9c8a5582c20f1594580b1e91a790c64c355758a29eba8ce1c4abe4dde9ac586f1336ff24f84bb3e103099b292699f21e41f279448ded3000e739
SSDEEP
384:PScatnGMyPq9gD8PLvdBkF6jSxcZjBqs68Nd2d64FxdlaXSguV:PxknGBq9gD8xBaRxews60Q647
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature on the PE file.
resource 821eb01b643f1791ef272f5a82af4c45_JaffaCakes118
Files
821eb01b643f1791ef272f5a82af4c45_JaffaCakes118.sys windows:4 windows x86 arch:x86
ec6bcf2ed431437530ad5e69ceef8b46
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hal
HalAllProcessorsStarted
HalSetBusData
KeAcquireQueuedSpinLock
HalSetEnvironmentVariable
HalHandleNMI
KeTryToAcquireQueuedSpinLock
ExAcquireFastMutex
KfRaiseIrql
WRITE_PORT_ULONG
HalRequestIpi
HalRequestIpi
HalDisplayString
KeGetCurrentIrql
KeReleaseSpinLock
KeReleaseSpinLock
HalSetBusDataByOffset
ExAcquireFastMutex
WRITE_PORT_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_ULONG
HalInitializeProcessor
IoReadPartitionTable
HalStartNextProcessor
READ_PORT_ULONG
IoFreeAdapterChannel
READ_PORT_ULONG
IoReadPartitionTable
IoMapTransfer
READ_PORT_UCHAR
HalAssignSlotResources
HalAllocateCrashDumpRegisters
HalHandleNMI
HalSetBusData
KfReleaseSpinLock
HalGetBusData
HalMakeBeep
WRITE_PORT_UCHAR
KeQueryPerformanceCounter
WRITE_PORT_ULONG
HalClearSoftwareInterrupt
HalSetProfileInterval
KfReleaseSpinLock
HalQueryRealTimeClock
HalEndSystemInterrupt
READ_PORT_BUFFER_ULONG
WRITE_PORT_UCHAR
HalClearSoftwareInterrupt
KeAcquireSpinLock
HalSetBusDataByOffset
KeAcquireQueuedSpinLockRaiseToSynch
HalAllocateCommonBuffer
HalStartProfileInterrupt
READ_PORT_USHORT
HalSetDisplayParameters
READ_PORT_USHORT
READ_PORT_BUFFER_UCHAR
HalSetBusDataByOffset
HalSetProfileInterval
IoSetPartitionInformation
READ_PORT_UCHAR
READ_PORT_BUFFER_ULONG
HalReportResourceUsage
HalReturnToFirmware
KeStallExecutionProcessor
KeReleaseSpinLock
KfRaiseIrql
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalAllProcessorsStarted
KfAcquireSpinLock
HalClearSoftwareInterrupt
ExAcquireFastMutex
HalSetBusDataByOffset
HalQueryDisplayParameters
HalGetInterruptVector
HalCalibratePerformanceCounter
HalFlushCommonBuffer
HalMakeBeep
KeReleaseQueuedSpinLock
KeLowerIrql
HalGetAdapter
HalProcessorIdle
KeTryToAcquireQueuedSpinLockRaiseToSynch
HalReadDmaCounter
KeAcquireSpinLockRaiseToSynch
ntoskrnl.exe
FsRtlUninitializeOplock
strncat
NtVdmControl
RtlLargeIntegerShiftLeft
FsRtlPrepareMdlWrite
KeInitializeMutex
CcGetFileObjectFromSectionPtrs
RtlCompareMemoryUlong
RtlNtStatusToDosErrorNoTeb
ExAcquireResourceExclusiveLite
FsRtlIsTotalDeviceFailure
mbtowc
MmMapUserAddressesToPage
IoFreeMdl
ExCreateCallback
ZwQueryDefaultLocale
RtlAnsiStringToUnicodeSize
FsRtlCurrentBatchOplock
IoFreeWorkItem
KeInitializeEvent
IoSynchronousPageWrite
PoCallDriver
IoQueryVolumeInformation
MmDisableModifiedWriteOfSection
RtlDestroyAtomTable
ExfInterlockedAddUlong
RtlDeleteAce
IoSetThreadHardErrorMode
CcUnpinData
InterlockedIncrement
PoSetHiberRange
_stricmp
RtlInitString
ExEventObjectType
ZwWaitForSingleObject
RtlUpcaseUnicodeStringToOemString
KeInsertQueueDpc
MmAdjustWorkingSetSize
Exi386InterlockedExchangeUlong
MmFreeContiguousMemorySpecifyCache
NlsMbCodePageTag
IoRequestDeviceEject
SeSystemDefaultDacl
KdEnableDebugger
RtlGetDaclSecurityDescriptor
ExCreateCallback
NtQueryEaFile
LsaCallAuthenticationPackage
MmCanFileBeTruncated
ZwEnumerateValueKey
RtlRemoveUnicodePrefix
SeAccessCheck
RtlIsGenericTableEmpty
KeRestoreFloatingPointState
SeCreateClientSecurity
FsRtlCopyRead
ZwResetEvent
wcsrchr
_strrev
WRITE_REGISTER_BUFFER_UCHAR
RtlUnicodeToMultiByteN
FsRtlGetNextMcbEntry
IofCallDriver
ExAcquireResourceSharedLite
SeSetAccessStateGenericMapping
RtlUlongByteSwap
RtlDeleteRegistryValue
wcscpy
MmIsAddressValid
ObReleaseObjectSecurity
FsRtlMdlReadDev
CcScheduleReadAhead
RtlAnsiStringToUnicodeString
FsRtlGetNextLargeMcbEntry
PsInitialSystemProcess
RtlFindLeastSignificantBit
ZwSetInformationThread
ExUuidCreate
IoReleaseRemoveLockAndWaitEx
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ