Static task
static1
General
Target: 89264c2047b8619dc6bac08a0541964c_JaffaCakes118
Size: 2.3MB
MD5: 89264c2047b8619dc6bac08a0541964c
SHA1: 5d06521cd14df86a979ab1ebecf843083bc060bd
SHA256: eca52e74694a7eb709c9da9966af2a533a04029dd883723f6311dee35e6e5c79
SHA512: 1b8f9736a58583f93461b784e9bd4521a26af9c64f9ff9a25b57ab8a7d0e925167c0c70f372463fd0f7c2132e01a9aef1ff02d9a307277ff6d105408f25c7c19
SSDEEP: 49152:YTJg8FaS1YoLcbvh+xoNPpJ6hRuCA7EaTnCz/f5nJLwfVzunfn:QgS1YF0o/8hQCA7xzaF6t
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 89264c2047b8619dc6bac08a0541964c_JaffaCakes118
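The "Unsigned PE" signature fires because the file's security data directory (DataDirectory[4]) is empty, so no Authenticode blob is embedded. The following is an added example of how that check is made, written for this page and not code from the sandbox or from the sample: it walks the DOS header, PE signature and optional header to the security directory and reads the WIN_CERTIFICATE header it points to. The build_minimal_pe32 helper constructs a header-only PE32 image (0 sections, i386, EXECUTABLE_IMAGE|32BIT_MACHINE, matching the characteristics in this report) as test input; the appended blob is a placeholder, not a real signature.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4           # index of the certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002      # Authenticode PKCS#7 SignedData
WIN_CERT_REVISION_2_0 = 0x0200


def embedded_authenticode_info(pe: bytes) -> dict:
    """Report whether a PE image carries an embedded Authenticode blob.

    Walks DOS header -> PE signature -> optional header -> data directory
    and reads DataDirectory[4]. Its VirtualAddress is a raw file offset
    (not an RVA) to a WIN_CERTIFICATE structure. Presence is not
    validity: the PKCS#7 content is not verified here.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    size_of_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                                    # PE32 (this sample: x86)
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                                  # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", pe, ndirs_off)[0]
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if ndirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_opt:
        return {"present": False, "reason": "no security directory entry"}
    cert_off, cert_size = struct.unpack_from("<II", pe, entry)
    if cert_off == 0 or cert_size == 0:
        return {"present": False, "reason": "security directory is empty"}
    if cert_size < 8 or cert_off + cert_size > len(pe):
        return {"present": False, "reason": "security directory points outside the file"}
    length, revision, cert_type = struct.unpack_from("<IHH", pe, cert_off)
    return {
        "present": True,
        "length": length,
        "revision": revision,
        "type": cert_type,
        "pkcs7": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
    }


def build_minimal_pe32(cert_blob: bytes = b"") -> bytes:
    """Constructed test input: a header-only PE32 image, optionally with a
    WIN_CERTIFICATE appended and referenced from the security directory.
    The blob is NOT a real signature; it only exercises the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew
    # Machine=i386, 0 sections, SizeOfOptionalHeader=224,
    # Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE (as in the report)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    if not cert_blob:
        return header
    win_cert = struct.pack("<IHH", 8 + len(cert_blob), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
    image = bytearray(header + win_cert)
    sec_entry = 0x40 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    struct.pack_into("<II", image, sec_entry, len(header), len(win_cert))
    return bytes(image)


if __name__ == "__main__":
    print(embedded_authenticode_info(build_minimal_pe32()))
    print(embedded_authenticode_info(build_minimal_pe32(b"\x30\x82\x00\x00")))
```

Two caveats when reading this IoC: an empty security directory proves only that no signature is embedded, and kernel drivers are frequently catalog-signed (the signature lives in a .cat file, not in the image), so a definitive verdict needs a check on a Windows host with a tool that also consults catalogs (for example Get-AuthenticodeSignature or signtool verify). Conversely, a present blob is not a valid one until the PKCS#7 content, the chain and the Authenticode hash have been verified.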
Files
89264c2047b8619dc6bac08a0541964c_JaffaCakes118.sys windows:5 windows x86 arch:x86
e8b04d990afe052cce5d95094194af14
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateFile
ZwSetInformationFile
ZwWriteFile
ZwQueryInformationFile
RtlCompareMemory
ZwReadFile
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ExSystemTimeToLocalTime
KeQuerySystemTime
KeQueryTimeIncrement
KeTickCount
_allmul
ZwAllocateVirtualMemory
ZwOpenProcess
ZwFreeVirtualMemory
KeDelayExecutionThread
RtlCopyUnicodeString
ObReferenceObjectByHandle
ObfDereferenceObject
PsCreateSystemThread
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
ZwNotifyChangeKey
_wcsicmp
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
wcscpy
memmove
PsLookupProcessByProcessId
RtlTimeToTimeFields
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
MmUnsecureVirtualMemory
ObQueryNameString
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ExUuidCreate
strstr
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
MmUnlockPages
MmProbeAndLockProcessPages
KeSetEvent
KeDetachProcess
KeAttachProcess
wcscat
KeCancelTimer
KeSetTimerEx
NtAllocateVirtualMemory
KeInsertQueueApc
KeInitializeApc
PsLookupThreadByThreadId
PsGetCurrentThreadId
ZwClose
KeResetEvent
MmIsAddressValid
KeServiceDescriptorTable
KeAddSystemServiceTable
PsGetCurrentProcessId
ExGetPreviousMode
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwDeleteKey
ZwSetValueKey
ExfInterlockedInsertTailList
NtAddAtom
MmProbeAndLockPages
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCompareString
RtlInitString
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
IofCompleteRequest
ExfInterlockedInsertHeadList
IoDeleteDevice
IoCreateSymbolicLink
IoRegisterShutdownNotification
IoCreateDevice
IoDetachDevice
PoCallDriver
PoStartNextPowerIrp
PsTerminateSystemThread
KeWaitForMultipleObjects
KeReleaseMutex
KeReadStateEvent
PsSetCreateProcessNotifyRoutine
ExUnregisterCallback
KeClearEvent
ExfInterlockedRemoveHeadList
ExRegisterCallback
ExCreateCallback
KeInitializeSpinLock
KeInitializeTimerEx
IoCreateNotificationEvent
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
ExInitializeResourceLite
InitSafeBootMode
PsGetVersion
ExIsResourceAcquiredExclusiveLite
ExAcquireResourceSharedLite
ExIsResourceAcquiredSharedLite
ZwOpenFile
ZwWaitForSingleObject
ZwQueryDirectoryFile
ZwCreateEvent
_except_handler3
wcscmp
wcslen
wcsncpy
ExFreePoolWithTag
IoCreateSynchronizationEvent
ExAllocatePoolWithTag
hal
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
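The import table above is the most informative part of this static report: KeServiceDescriptorTable together with KeAddSystemServiceTable (the former is an export of 32-bit ntoskrnl only, consistent with the x86 build), KeInitializeApc and KeInsertQueueApc beside KeAttachProcess, ZwOpenProcess and ZwAllocateVirtualMemory (the building blocks for delivering code into user processes from kernel mode), all three Ps*NotifyRoutine callbacks, ZwNotifyChangeKey with ZwSetValueKey/ZwDeleteKey, InitSafeBootMode, and the IoGetDeviceObjectPointer/IoBuildDeviceIoControlRequest/IofCallDriver trio for sending IOCTLs to other drivers. The following is an added example of turning such a list into co-occurrence rules, written for this page and not part of the sandbox's analysis; the SAMPLE_IMPORTS set is a subset transcribed from the report, the API names are real ntoskrnl exports, and the rule groupings and labels are this example's own heuristics.

```python
# Constructed input: a subset of the ntoskrnl/hal imports listed in the
# report above, transcribed by hand for this example.
SAMPLE_IMPORTS = set("""
ZwCreateFile ZwWriteFile ZwReadFile ZwAllocateVirtualMemory ZwOpenProcess
KeAttachProcess KeDetachProcess KeInitializeApc KeInsertQueueApc
PsLookupThreadByThreadId PsLookupProcessByProcessId
KeServiceDescriptorTable KeAddSystemServiceTable
PsSetCreateProcessNotifyRoutine PsSetCreateThreadNotifyRoutine
PsSetLoadImageNotifyRoutine ExRegisterCallback ExCreateCallback
ZwOpenKey ZwSetValueKey ZwDeleteKey ZwNotifyChangeKey
IoGetDeviceObjectPointer IoBuildDeviceIoControlRequest IofCallDriver
MmProbeAndLockProcessPages MmMapLockedPagesSpecifyCache
InitSafeBootMode IoCreateDevice IoCreateSymbolicLink IofCompleteRequest
""".split())

# A rule fires only when every `all_of` name is imported and, where an
# `any_of` set is given, at least one of those as well. The labels are
# heuristics chosen for this example, not sandbox signature names.
RULES = {
    "ssdt_tampering": {
        "all_of": {"KeServiceDescriptorTable"},
        "any_of": {"KeAddSystemServiceTable"},
    },
    "kernel_to_user_apc_injection": {
        "all_of": {"KeInitializeApc", "KeInsertQueueApc", "ZwAllocateVirtualMemory"},
        "any_of": {"KeAttachProcess", "KeStackAttachProcess"},
    },
    "process_thread_image_callbacks": {
        "any_of": {"PsSetCreateProcessNotifyRoutine",
                   "PsSetCreateThreadNotifyRoutine",
                   "PsSetLoadImageNotifyRoutine"},
    },
    "registry_watch_and_modify": {
        "all_of": {"ZwNotifyChangeKey"},
        "any_of": {"ZwSetValueKey", "ZwDeleteKey"},
    },
    "ioctl_to_other_drivers": {
        "all_of": {"IoGetDeviceObjectPointer", "IoBuildDeviceIoControlRequest",
                   "IofCallDriver"},
    },
    "cross_process_memory_mapping": {
        "all_of": {"MmProbeAndLockProcessPages", "MmMapLockedPagesSpecifyCache"},
        "any_of": {"KeAttachProcess", "KeStackAttachProcess"},
    },
    "safe_boot_awareness": {"all_of": {"InitSafeBootMode"}},
}


def assess_capabilities(imports):
    """Return {rule_name: sorted evidence names} for every rule that fires."""
    imports = set(imports)
    hits = {}
    for name, rule in RULES.items():
        need_all = rule.get("all_of", set())
        need_any = rule.get("any_of", set())
        if not need_all <= imports:
            continue
        any_hit = need_any & imports
        if need_any and not any_hit:
            continue
        hits[name] = sorted(need_all | any_hit)
    return hits


def resolves_apis_at_runtime(imports):
    """True if the driver can look up kernel exports by name at runtime,
    in which case the static import table understates its capabilities."""
    return "MmGetSystemRoutineAddress" in set(imports)


if __name__ == "__main__":
    for rule, evidence in assess_capabilities(SAMPLE_IMPORTS).items():
        print(f"{rule}: {', '.join(evidence)}")
    print("runtime resolution:", resolves_apis_at_runtime(SAMPLE_IMPORTS))
```

Treat the hits as triage leads, not verdicts: legitimate anti-malware and EDR drivers import the same notify-routine, APC and cross-process APIs, so the rules narrow what to look at in the disassembly rather than classify the file. The runtime-resolution check matters in the other direction: a driver that imports MmGetSystemRoutineAddress can reach any export without it appearing in this table, so a short import list is not by itself evidence of limited capability.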
Sections
.text Size: 123KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 200KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ