Static task
static1
General
-
Target
8b5e31fbf0d7e78e0c914e25ccf7c8b8_JaffaCakes118
-
Size
40KB
-
MD5
8b5e31fbf0d7e78e0c914e25ccf7c8b8
-
SHA1
38d5a86e41261881ea27d13733e8fec35a42748e
-
SHA256
3b51185b0644c8b610465746e759c88c05009b3299486338574c34e0d3c76c2d
-
SHA512
9a7ef0797abcd0fad12fc8cedf782098a7b38b59952fc979d93fb8ac65f7d82e98d7e50ccefa21afcff4c6a32fc9cd5dd3484c7553ea6f723eadb25284161e89
-
SSDEEP
768:WAWAOXqzSJkOsIOAC9ej9mCH1G4+nDTYEig4Iwr67KnJBIwBzzyGTX:WAWAqeSHpnVUwVXI46Onpz
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature. For a kernel-mode driver (the sample is a .sys importing ntoskrnl.exe) this is a meaningful trust indicator: a legitimately distributed driver would normally be signed. Note that on 32-bit Windows (this binary is x86) kernel-mode code signing is not enforced the way it is on x64, so the missing signature alone does not prevent the driver from loading — treat it as an indicator, not a blocker.
resource 8b5e31fbf0d7e78e0c914e25ccf7c8b8_JaffaCakes118
Files
-
8b5e31fbf0d7e78e0c914e25ccf7c8b8_JaffaCakes118.sys windows:4 windows x86 arch:x86
c239dff9ac162f91b3097e1d7fbff409
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (all from ntoskrnl.exe, i.e. kernel-mode). Imports worth a reviewer's attention in this list: PsSetCreateProcessNotifyRoutine (registers a process-creation callback), PsLookupProcessByProcessId and IoGetCurrentProcess (process lookup), MmGetSystemRoutineAddress (resolves kernel routines by name at runtime, so the static import list is likely incomplete), ZwCreateKey/ZwSetValueKey/ZwDeleteKey (registry modification), ZwCreateFile/ZwSetInformationFile (file-system access), PsCreateSystemThread and IoRegisterDriverReinitialization (background kernel thread / re-entry after boot), and IoCreateDevice/IoCreateSymbolicLink (exposes a device object that user-mode code can open). What the driver does with these cannot be determined from a static import listing alone; dynamic analysis is needed to confirm behavior.
ntoskrnl.exe
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
strncmp
wcsstr
_wcslwr
ZwSetValueKey
ZwClose
ZwQueryValueKey
ZwOpenKey
_except_handler3
KeTickCount
KeQueryTimeIncrement
_stricmp
IofCompleteRequest
wcslen
RtlCompareUnicodeString
_wcsnicmp
ObfDereferenceObject
MmIsAddressValid
IoDeviceObjectType
swprintf
ZwCreateFile
ZwCreateKey
ObReferenceObjectByHandle
ZwSetInformationFile
wcscpy
_snwprintf
wcsncpy
wcschr
wcscat
ZwDeleteKey
KeDelayExecutionThread
KeQuerySystemTime
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
strncpy
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
_wcsicmp
ExFreePool
ExAllocatePoolWithTag
_snprintf
IoGetCurrentProcess
PsGetVersion
wcsrchr
RtlCopyUnicodeString
IoRegisterDriverReinitialization
PsCreateSystemThread
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 64B - Virtual size: 52B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ