Static task
static1
General
Target
847d7a47b29c457b732e3f30662c2f7e_JaffaCakes118
Size
20KB
MD5
847d7a47b29c457b732e3f30662c2f7e
SHA1
8b964049d1b99381367e554e64158e4a0364b4ef
SHA256
f565fe1e3e80ec20b2f04dce413091537abb459817dda0efbfe9dc39781a2743
SHA512
53450359c68643571e933963611065eea2d6c940f742cd905ad5119141d57cdd54a0acb6c9b29acb14ac049f02926e12d90c2176d8af2291d81e20bbe4818856
SSDEEP
384:oKyQH9kS5ckehD9TYQlCujeJBAjMHsIpiKnE4T7pYF4u3UVaDwBt3oZSbMtGPSxR:oKyyt3ehNmsIpiKE4T7pYF4u3UVaDwBl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 847d7a47b29c457b732e3f30662c2f7e_JaffaCakes118
Files
847d7a47b29c457b732e3f30662c2f7e_JaffaCakes118.sys windows:4 windows x86 arch:x86
77b8d06e53fa2848afd4a47d59e0258e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
RtlFreeUnicodeString
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
RtlInitUnicodeString
KeServiceDescriptorTable
ExFreePool
ZwWriteFile
ExAllocatePoolWithTag
ZwCreateFile
wcscpy
_snwprintf
ZwEnumerateKey
wcscat
strncmp
IoGetCurrentProcess
_except_handler3
IofCompleteRequest
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
strstr
ZwQueryValueKey
ZwCreateKey
_wcsnicmp
wcslen
PsGetVersion
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
_stricmp
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 902B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ