Static task
static1
General
-
Target
82498d02938dfffda752aeb2e874a64c_JaffaCakes118
-
Size
40KB
-
MD5
82498d02938dfffda752aeb2e874a64c
-
SHA1
b53430134e836a3fef95692999660b96e7c8a6cd
-
SHA256
ca78581eabb5a04963d7db896149c85c9be0592d68441cc31af8c30c9b7bdee7
-
SHA512
9fc41321aeefb89fe12e3a69dde37a7ff873fea823524363cb1f18c26a31ff7cd22786df03be4e69b829ac6cc79649b44ccdb693533db045bff5de1b69873d44
-
SSDEEP
768:AKFuS+deYodaOwxXnj8JdnEiTCUUJWqjC+Iyog9MOmZWI9Vhd4as:DjMeYmDej8JdEiDUlmTyog9MPDn
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE image that carries no Authenticode signature. On its own this is a weak indicator — older legitimate drivers are frequently unsigned too — so it should be weighed together with the imports and section layout listed below rather than treated as conclusive.
resource 82498d02938dfffda752aeb2e874a64c_JaffaCakes118
Files
-
82498d02938dfffda752aeb2e874a64c_JaffaCakes118.sys (windows:4; windows x86; arch:x86)
5037c9f9fdd3bc44f5eccfa2f5a448d1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ZwSetValueKey
RtlAnsiStringToUnicodeString
KeQuerySystemTime
_wcsicmp
swprintf
strncpy
IoGetCurrentProcess
ZwClose
IofCompleteRequest
RtlCompareUnicodeString
ZwCreateFile
ZwDeleteKey
RtlCopyUnicodeString
wcsstr
_wcslwr
wcslen
ZwQueryValueKey
ZwOpenKey
_except_handler3
ExFreePool
_snprintf
ExAllocatePoolWithTag
_wcsnicmp
ObfDereferenceObject
wcsncpy
wcsrchr
ZwCreateKey
strncmp
ZwSetInformationFile
wcscpy
MmIsAddressValid
ObReferenceObjectByHandle
_snwprintf
wcscat
KeDelayExecutionThread
MmGetSystemRoutineAddress
_stricmp
PsCreateSystemThread
PsGetVersion
IoRegisterDriverReinitialization
KeTickCount
KeQueryTimeIncrement
PsSetCreateProcessNotifyRoutine
IoDeviceObjectType
PsLookupProcessByProcessId
wcschr
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 65B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ