Static task
static1
General
Target: 841cc4ba7e978a767347044bd02c90b2_JaffaCakes118
Size: 26KB
MD5: 841cc4ba7e978a767347044bd02c90b2
SHA1: 96565742b86775327bf592c5e01f3626991fc6d4
SHA256: 6a74b2c2e4f64644de22390a330a462e26fb27b4b03bd4157d5f779913c456a7
SHA512: feedc9928af989e5fef0e8711583dabf49972dd5715b854e4a2e9d76c8a8996b5ca58ddd68d31d531639f1e805e2d915de5aa78260df0ee217d6612f38d26f80
SSDEEP: 384:r4uFHmpW6AApVjvcYfOKq555BH6Y40JnFUyeuQ/9SzvsIUeliQht:rrH1+1fgR6YnFUFIzvs9elth
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 841cc4ba7e978a767347044bd02c90b2_JaffaCakes118
Files
841cc4ba7e978a767347044bd02c90b2_JaffaCakes118.sys windows:5 windows x86 arch:x86
0e2a8231350b773bc513529d3f9abb18
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlInitUnicodeString
PsTerminateSystemThread
KeDelayExecutionThread
PsCreateSystemThread
wcscat
wcscpy
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
MmIsAddressValid
ZwUnmapViewOfSection
ZwCreateFile
IoRegisterDriverReinitialization
ZwCreateKey
wcslen
swprintf
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
strncmp
IoGetCurrentProcess
_wcsnicmp
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
PsGetVersion
_wcslwr
wcsncpy
RtlAnsiStringToUnicodeString
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 960B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 610B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ