Static task
static1
General
Target: 83df8c8d59a4934b8caa543c4663d827_JaffaCakes118
Size: 47KB
MD5: 83df8c8d59a4934b8caa543c4663d827
SHA1: f36169717a68609ec2ce287ae7d43ea7e4230c43
SHA256: 83b9e24b491d6f935f3801348bd5f76dd6d4f7cc01d0f39c403b498799b76add
SHA512: 869899dcf098e3923b6a4996daf2a6b180ee8418cfa16311ff0c14ebddf26df16aea11ba8b43f5a792792ee80394a4c243f8bcc5bada5c0438b861d16a8502a0
SSDEEP: 768:igUKGMxrykWDRIcBqxxW77kvCyTEkCOn3PRUpa5x74M5LUO58UvKL82NWIxzIeEP:i/KGMokCIcgjlCAMOn3JUpO15LUO58U5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 83df8c8d59a4934b8caa543c4663d827_JaffaCakes118
Files
83df8c8d59a4934b8caa543c4663d827_JaffaCakes118.sys windows:4 windows x86 arch:x86
d020de1b97ea3330beaa7f1edf65bf8e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strlen
ZwClose
ZwWriteFile
ZwCreateFile
RtlInitUnicodeString
strncmp
PsGetProcessImageFileName
PsLookupProcessByProcessId
ZwSetValueKey
ZwCreateKey
memset
ExAllocatePoolWithTag
memcpy
KeReleaseMutex
RtlEqualUnicodeString
KeWaitForSingleObject
_except_handler3
ExFreePoolWithTag
RtlFreeUnicodeString
RtlCopyUnicodeString
RtlAppendUnicodeToString
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
MmIsAddressValid
RtlAppendUnicodeStringToString
ZwOpenFile
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
KeInitializeMutex
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 800B - Virtual size: 792B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 480B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ