Static task
static1
General
Target: 8afa3ae1058d8d64aeb45657d78b016b_JaffaCakes118
Size: 38KB
MD5: 8afa3ae1058d8d64aeb45657d78b016b
SHA1: 0d2352bf29436fb42f305665b7562675564bd59b
SHA256: 92c38d7230cf40ef36efc3ca723b7f814c87e78ac58a22929e08e6ca3f5e7390
SHA512: 92f0fef952d672a8090b46ebb7bb66b4528223875611c9500053cab0bdca8388347f89f1727a394900ed032ea4721e78f07c6ca36bb929f1a684f71f1046b825
SSDEEP: 768:jvLofCXrlqcBkzDmLeWKsX3lf8JeXsDETgZuuQtOlOtc:jTeCXr4NmfH6afMmElk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8afa3ae1058d8d64aeb45657d78b016b_JaffaCakes118
Files
8afa3ae1058d8d64aeb45657d78b016b_JaffaCakes118.sys windows:5 windows x86 arch:x86
79ff11ec79738ecb0f4faa11b4fed555
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
NtBuildNumber
IoCreateSymbolicLink
IoCreateDevice
wcscmp
_wcslwr
ExFreePoolWithTag
ZwQuerySystemInformation
ExAllocatePoolWithTag
ZwAllocateVirtualMemory
ObfDereferenceObject
KeDetachProcess
ZwClose
ZwOpenProcess
KeAttachProcess
PsLookupProcessByProcessId
PsTerminateSystemThread
KeWaitForSingleObject
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
KeSetEvent
KeInsertQueueApc
KeInitializeApc
PsLookupThreadByThreadId
KeTickCount
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 202B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ