Static task
static1
General
Target: 835cd9084b60af5655735ec2f97bb703_JaffaCakes118
Size: 736KB
MD5: 835cd9084b60af5655735ec2f97bb703
SHA1: 5c4dad2b3de8c6d86eb13452e3f0010ff2aaaf38
SHA256: 38671dac11f73f6d541f89ca90ac579f7f718568a06aac79a1d6ddc33cc6bea4
SHA512: c2d10348ae3c7266db9068a5a721a5f7b56e0f9afcd504c6033e34643d04829e7bc4ed6762a2e197a4c9c1b63706026b084f94136715ac9495b68fd51ae607d9
SSDEEP: 12288:nwZm8a+7V/EmOGgjsppDh3BYxbKcJuz2YbDdfDGrOGJROwkqPUFo/lnRtdqAz:omd6UGg25h38bKcwz2SBKrLcwkTCRt5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 835cd9084b60af5655735ec2f97bb703_JaffaCakes118
Files
835cd9084b60af5655735ec2f97bb703_JaffaCakes118.sys windows:4 windows x86 arch:x86
eaed2a05d159cd0141129ce30b4ed96a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeBugCheckEx
ExAllocatePoolWithTag
KeWaitForSingleObject
KeInitializeEvent
KeSetEvent
ZwClose
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
PoCallDriver
IoFreeIrp
ObfDereferenceObject
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
IoDetachDevice
RtlFreeUnicodeString
IoAllocateIrp
MmMapLockedPagesSpecifyCache
KeInitializeDpc
RtlQueryRegistryValues
RtlCopyUnicodeString
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
ExFreePool
IoQueueWorkItem
IoAllocateMdl
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoFreeWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
KeClearEvent
ObReferenceObjectByHandle
IoCancelIrp
IoRegisterDeviceInterface
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PsCreateSystemThread
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
KeInsertQueueDpc
PsTerminateSystemThread
RtlAnsiStringToUnicodeString
IoWMIWriteEvent
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoDeleteSymbolicLink
MmUnmapIoSpace
_vsnwprintf
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
KeResetEvent
RtlAppendUnicodeToString
ObfReferenceObject
MmMapIoSpace
IoReleaseRemoveLockEx
ZwCreateKey
KeQueryTimeIncrement
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
KeSetTimerEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
KeWaitForMultipleObjects
ZwCreateFile
RtlWriteRegistryValue
ZwQuerySystemInformation
MmProbeAndLockPages
IoGetDmaAdapter
MmUnlockPages
KeSetPriorityThread
KeRemoveQueueDpc
IoGetDeviceObjectPointer
Sections
.text Size: 314KB - Virtual size: 313KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 401KB - Virtual size: 401KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ