Static task
static1
General
-
Target
89c6043e448d05856111a99c3240a94a_JaffaCakes118
-
Size
30KB
-
MD5
89c6043e448d05856111a99c3240a94a
-
SHA1
ff7fc182c4f1e695f5666df729d8262cc8dae135
-
SHA256
973ffabe8d4bf5db881e52eaeb9c36d3ffe078f3d5ebb8afa5a6a88c0cd766ec
-
SHA512
d28ea469ed9cf728eada1dd7f34d0aa13ef5ae17097f38b79a372d5670a71ea8cc7cd1f1d40a18d1d3c84795fe3336463e75f402273d67757029c3987c5296a6
-
SSDEEP
768:2LtlNQYd0nr7pSHIksiIy3QciN6M2VkidBpteh:i1QcM7E3QciMM2tdrteh
Malware Config
Signatures
-
Unsigned PE (1 IoC)
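Checks for a missing Authenticode signature. The file listed below triggered this check: it is unsigned, so its publisher and integrity cannot be verified from the binary itself.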
resource 89c6043e448d05856111a99c3240a94a_JaffaCakes118
Files
-
89c6043e448d05856111a99c3240a94a_JaffaCakes118.sys windows:4 windows x86 arch:x86
caed740047327835987440169debea21
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetCurrentProcessId
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64B - Virtual size: 35B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 96B - Virtual size: 86B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 64B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ