Static task
static1
General
Target: 84d010dd644d875599dcba656b8f19ba_JaffaCakes118
Size: 74KB
MD5: 84d010dd644d875599dcba656b8f19ba
SHA1: 26817432a7b77d2b3fbfbc7dba2f734577491f48
SHA256: acfbab8d04830c0aa8701a9ac1aa11e26802653eb7a2429724463ac42411c056
SHA512: 5aece68a6bd290613d316a6e9c2a9a8b4f8e3916aad845be4734f8c6ec06f35334fae81745f102f5e46a2154f93e2edf3c16278f167417bf28c8b8f63178e6bd
SSDEEP: 1536:K6pnkUpMWnSDor5edg+mSYeHy9eNIiv6RDs4/1w3esAey4:K6pnR6WSDorfNeSjHj+3j
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 84d010dd644d875599dcba656b8f19ba_JaffaCakes118
Files
84d010dd644d875599dcba656b8f19ba_JaffaCakes118.sys windows:5 windows x86 arch:x86
04c12401dc55a9e9470bbbcf0b7f7f83
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePoolWithTag
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
MmIsDriverVerifying
MmLockPagableDataSection
DbgPrompt
DbgBreakPoint
MmUnlockPagableImageSection
ZwQueryVolumeInformationFile
IoBuildDeviceIoControlRequest
IoCancelIrp
MmBuildMdlForNonPagedPool
IoGetCurrentProcess
memmove
IoGetTopLevelIrp
KeTickCount
KeWaitForMultipleObjects
MmProbeAndLockProcessPages
MmMapLockedPagesSpecifyCache
KeClearEvent
KeInitializeSemaphore
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeReleaseSemaphore
ProbeForRead
ProbeForWrite
KeQueryInterruptTime
ZwUnloadDriver
ZwLoadDriver
MmHighestUserAddress
MmIsNonPagedSystemAddressValid
ExRaiseStatus
IoAllocateMdl
MmProbeAndLockPages
RtlCompareMemory
IoReuseIrp
IoAllocateIrp
IoFileObjectType
ZwEnumerateKey
ExAllocatePoolWithTag
KeInitializeTimer
KeInitializeDpc
IoGetDeviceObjectPointer
KeSetTimerEx
MmQuerySystemSize
MmIsThisAnNtAsSystem
IoGetAttachedDeviceReference
KeNumberProcessors
IoCreateSymbolicLink
IoDeleteSymbolicLink
MmPageEntireDriver
MmResetDriverPaging
MmGetSystemRoutineAddress
ZwOpenKey
ZwQueryValueKey
IofCallDriver
IofCompleteRequest
ExInitializeResourceLite
IoSetTopLevelIrp
ZwCreateFile
ObReferenceObjectByHandle
IoGetRelatedDeviceObject
ZwClose
KeInitializeSpinLock
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExAcquireResourceExclusiveLite
SeSinglePrivilegeCheck
KeDelayExecutionThread
IoFreeIrp
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
KeBugCheckEx
IoGetStackLimits
ObfReferenceObject
MmUnlockPages
IoFreeMdl
ExGetPreviousMode
KeSetEvent
KeWaitForSingleObject
KeGetCurrentThread
RtlEqualUnicodeString
ExQueueWorkItem
IoDetachDevice
KeInitializeEvent
IoCreateDevice
IoDeleteDevice
ExReleaseResourceLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ObfDereferenceObject
RtlCompareUnicodeString
ZwReadFile
PsGetCurrentProcessId
ExDeleteResourceLite
RtlInitUnicodeString
hal
KfRaiseIrql
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KfLowerIrql
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 570B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ