Static task
static1
General
-
Target
8994f3fd6bea90a8a947ffda553322f2_JaffaCakes118
-
Size
48KB
-
MD5
8994f3fd6bea90a8a947ffda553322f2
-
SHA1
d953fc78850be7d2475b1e2e87b4a8471f1c22d1
-
SHA256
5f8e0d6a864a4a9209d1126b58dd1a9ab77c894868ed0bd2aff95b3259480c09
-
SHA512
0777e9ef43d266a996d227f1b4b9ca82c545c1f75596ef8818fbb0a647d480531276a26a8ccdd782f797e0ba57945d2fcf298c7333f25ff83eb71268b6ae4919
-
SSDEEP
384:RScatnGMyPq9gD8PLvdBkF6jSxcZjBqs68Nd2d64FxdlaXSguV:RxknGBq9gD8xBaRxews60Q647
Malware Config
Signatures
-
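Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the resource listed below carries none. A missing signature is a weak indicator on its own, so weigh it together with the imports and section flags listed further down.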
resource 8994f3fd6bea90a8a947ffda553322f2_JaffaCakes118
Files
-
8994f3fd6bea90a8a947ffda553322f2_JaffaCakes118.sys windows:4 windows x86 arch:x86
ec6bcf2ed431437530ad5e69ceef8b46
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hal
HalAllProcessorsStarted
HalSetBusData
KeAcquireQueuedSpinLock
HalSetEnvironmentVariable
HalHandleNMI
KeTryToAcquireQueuedSpinLock
ExAcquireFastMutex
KfRaiseIrql
WRITE_PORT_ULONG
HalRequestIpi
HalRequestIpi
HalDisplayString
KeGetCurrentIrql
KeReleaseSpinLock
KeReleaseSpinLock
HalSetBusDataByOffset
ExAcquireFastMutex
WRITE_PORT_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_ULONG
HalInitializeProcessor
IoReadPartitionTable
HalStartNextProcessor
READ_PORT_ULONG
IoFreeAdapterChannel
READ_PORT_ULONG
IoReadPartitionTable
IoMapTransfer
READ_PORT_UCHAR
HalAssignSlotResources
HalAllocateCrashDumpRegisters
HalHandleNMI
HalSetBusData
KfReleaseSpinLock
HalGetBusData
HalMakeBeep
WRITE_PORT_UCHAR
KeQueryPerformanceCounter
WRITE_PORT_ULONG
HalClearSoftwareInterrupt
HalSetProfileInterval
KfReleaseSpinLock
HalQueryRealTimeClock
HalEndSystemInterrupt
READ_PORT_BUFFER_ULONG
WRITE_PORT_UCHAR
HalClearSoftwareInterrupt
KeAcquireSpinLock
HalSetBusDataByOffset
KeAcquireQueuedSpinLockRaiseToSynch
HalAllocateCommonBuffer
HalStartProfileInterrupt
READ_PORT_USHORT
HalSetDisplayParameters
READ_PORT_USHORT
READ_PORT_BUFFER_UCHAR
HalSetBusDataByOffset
HalSetProfileInterval
IoSetPartitionInformation
READ_PORT_UCHAR
READ_PORT_BUFFER_ULONG
HalReportResourceUsage
HalReturnToFirmware
KeStallExecutionProcessor
KeReleaseSpinLock
KfRaiseIrql
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalAllProcessorsStarted
KfAcquireSpinLock
HalClearSoftwareInterrupt
ExAcquireFastMutex
HalSetBusDataByOffset
HalQueryDisplayParameters
HalGetInterruptVector
HalCalibratePerformanceCounter
HalFlushCommonBuffer
HalMakeBeep
KeReleaseQueuedSpinLock
KeLowerIrql
HalGetAdapter
HalProcessorIdle
KeTryToAcquireQueuedSpinLockRaiseToSynch
HalReadDmaCounter
KeAcquireSpinLockRaiseToSynch
ntoskrnl.exe
FsRtlUninitializeOplock
strncat
NtVdmControl
RtlLargeIntegerShiftLeft
FsRtlPrepareMdlWrite
KeInitializeMutex
CcGetFileObjectFromSectionPtrs
RtlCompareMemoryUlong
RtlNtStatusToDosErrorNoTeb
ExAcquireResourceExclusiveLite
FsRtlIsTotalDeviceFailure
mbtowc
MmMapUserAddressesToPage
IoFreeMdl
ExCreateCallback
ZwQueryDefaultLocale
RtlAnsiStringToUnicodeSize
FsRtlCurrentBatchOplock
IoFreeWorkItem
KeInitializeEvent
IoSynchronousPageWrite
PoCallDriver
IoQueryVolumeInformation
MmDisableModifiedWriteOfSection
RtlDestroyAtomTable
ExfInterlockedAddUlong
RtlDeleteAce
IoSetThreadHardErrorMode
CcUnpinData
InterlockedIncrement
PoSetHiberRange
_stricmp
RtlInitString
ExEventObjectType
ZwWaitForSingleObject
RtlUpcaseUnicodeStringToOemString
KeInsertQueueDpc
MmAdjustWorkingSetSize
Exi386InterlockedExchangeUlong
MmFreeContiguousMemorySpecifyCache
NlsMbCodePageTag
IoRequestDeviceEject
SeSystemDefaultDacl
KdEnableDebugger
RtlGetDaclSecurityDescriptor
ExCreateCallback
NtQueryEaFile
LsaCallAuthenticationPackage
MmCanFileBeTruncated
ZwEnumerateValueKey
RtlRemoveUnicodePrefix
SeAccessCheck
RtlIsGenericTableEmpty
KeRestoreFloatingPointState
SeCreateClientSecurity
FsRtlCopyRead
ZwResetEvent
wcsrchr
_strrev
WRITE_REGISTER_BUFFER_UCHAR
RtlUnicodeToMultiByteN
FsRtlGetNextMcbEntry
IofCallDriver
ExAcquireResourceSharedLite
SeSetAccessStateGenericMapping
RtlUlongByteSwap
RtlDeleteRegistryValue
wcscpy
MmIsAddressValid
ObReleaseObjectSecurity
FsRtlMdlReadDev
CcScheduleReadAhead
RtlAnsiStringToUnicodeString
FsRtlGetNextLargeMcbEntry
PsInitialSystemProcess
RtlFindLeastSignificantBit
ZwSetInformationThread
ExUuidCreate
IoReleaseRemoveLockAndWaitEx
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ