Static task
static1
General
-
Target
896acd48e472f25a6fbb0984d3e6b332_JaffaCakes118
-
Size
40KB
-
MD5
896acd48e472f25a6fbb0984d3e6b332
-
SHA1
31e13272631edb15a1d7caf10f799e475274e393
-
SHA256
f01b1aa3e7b5d80a2abef164509f3baf92ca10af65cef13f09c9c7652fe54f3b
-
SHA512
3661ded84574b108aa2ee04d39ed236f39293191c838f79776b3d93af8d75b0f2eb168a0a240a7ee5f69072ad859d3ade85b60ee379ac3319b4a1f4214c8271b
-
SSDEEP
768:wPF9td/dP7f5ND1mDx4RbMlYR7uttIdXwiBGuoX40I6vz3xz7K4HGBWr:8/dDvD106Q2R7utUgiBGua4JyGB
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 896acd48e472f25a6fbb0984d3e6b332_JaffaCakes118
Files
-
896acd48e472f25a6fbb0984d3e6b332_JaffaCakes118.sys windows:4 windows x86 arch:x86
81c2f9427b635c526b55997da62de7f4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
PsGetVersion
swprintf
ZwOpenKey
PsSetCreateProcessNotifyRoutine
PsCreateSystemThread
ZwCreateFile
KeQuerySystemTime
RtlAnsiStringToUnicodeString
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
ZwSetValueKey
wcslen
_wcsicmp
wcsrchr
_wcsnicmp
ObfDereferenceObject
strncmp
strncpy
ZwDeleteKey
_except_handler3
_stricmp
wcsstr
_wcslwr
KeDelayExecutionThread
RtlCompareUnicodeString
PsLookupProcessByProcessId
wcscat
wcscpy
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwCreateKey
IofCompleteRequest
KeTickCount
KeQueryTimeIncrement
ObReferenceObjectByHandle
_snwprintf
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
ZwSetInformationFile
wcschr
IoDeviceObjectType
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 59B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ