Static task
static1
General
Target
8d938dcdfe209c5b8827830db7735f2a_JaffaCakes118
Size
46KB
MD5
8d938dcdfe209c5b8827830db7735f2a
SHA1
43c92277171ec0025bd0c73a14c73f49f430d09d
SHA256
19315d137deb0e3d089e0ce76f7b6b34356cabfd058f81840ef80ed19ff7fc81
SHA512
384b7d27433082280f2c116f6b39417fa16f3584cfef91b0f389e8549317ae28f85c2c2b2e0a4b9747c6e25d267036cff4b249d0e6c3fbe8032d135aaa44a5c2
SSDEEP
384:5VS2dEzd7v2ddDVwuaeKvXocw7/dGdB7r6u7rZqCoCcJM1lN:5iedWZeSXVy1gBf9fX/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8d938dcdfe209c5b8827830db7735f2a_JaffaCakes118
Files
8d938dcdfe209c5b8827830db7735f2a_JaffaCakes118.sys windows:4 windows x86 arch:x86
9a02530d26d1be93ee5c1d6c45a90cd3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncat
ZwMapViewOfSection
ExInterlockedInsertHeadList
IoUnregisterFileSystem
ExInterlockedExtendZone
wcscspn
NtWaitForSingleObject
SeSetSecurityDescriptorInfoEx
ExFreePoolWithTag
Mm64BitPhysicalAddress
IoIsFileOriginRemote
Ke386CallBios
ZwDeleteKey
KeInsertHeadQueue
KeI386MachineType
Exfi386InterlockedDecrementLong
ExCreateCallback
ExfInterlockedInsertHeadList
RtlInitializeSid
RtlUpcaseUnicodeStringToCountedOemString
islower
RtlEnumerateGenericTable
NtSetInformationProcess
MmIsRecursiveIoFault
_snwprintf
NtQueryVolumeInformationFile
sprintf
MmForceSectionClosed
RtlInitString
IoWriteTransferCount
IoCallDriver
RtlExtendedIntegerMultiply
RtlDeleteAtomFromAtomTable
ObInsertObject
IoStartNextPacketByKey
RtlCaptureContext
IoBuildDeviceIoControlRequest
RtlNtStatusToDosErrorNoTeb
IoCreateUnprotectedSymbolicLink
RtlFindUnicodePrefix
ZwFsControlFile
MmGetPhysicalMemoryRanges
IoCreateNotificationEvent
RtlInitAnsiString
IoCheckDesiredAccess
FsRtlAddToTunnelCache
ZwSetDefaultUILanguage
HalPrivateDispatchTable
ExReinitializeResourceLite
RtlDeleteRegistryValue
SeReleaseSecurityDescriptor
RtlDescribeChunk
ZwCreateSection
hal
HalRequestIpi
KeAcquireSpinLock
HalClearSoftwareInterrupt
KeQueryPerformanceCounter
KeQueryPerformanceCounter
ExAcquireFastMutex
KeRaiseIrqlToDpcLevel
HalSetProfileInterval
HalGetEnvironmentVariable
HalReadDmaCounter
ExTryToAcquireFastMutex
HalSystemVectorDispatchEntry
HalSetProfileInterval
KeQueryPerformanceCounter
IoFreeMapRegisters
KeRaiseIrql
HalStopProfileInterrupt
HalAllProcessorsStarted
HalHandleNMI
READ_PORT_USHORT
HalQueryDisplayParameters
READ_PORT_BUFFER_UCHAR
IoReadPartitionTable
KfAcquireSpinLock
IoMapTransfer
KdComPortInUse
KeGetCurrentIrql
HalStartNextProcessor
KeReleaseQueuedSpinLock
KfRaiseIrql
WRITE_PORT_BUFFER_ULONG
ExAcquireFastMutex
HalAdjustResourceList
HalSystemVectorDispatchEntry
READ_PORT_USHORT
IoSetPartitionInformation
HalAllProcessorsStarted
IoFlushAdapterBuffers
READ_PORT_UCHAR
KeRaiseIrqlToDpcLevel
HalRequestSoftwareInterrupt
KeRaiseIrqlToSynchLevel
HalGetEnvironmentVariable
IoReadPartitionTable
IoWritePartitionTable
HalGetBusData
HalSetTimeIncrement
HalFlushCommonBuffer
ExReleaseFastMutex
READ_PORT_USHORT
KfLowerIrql
ExReleaseFastMutex
IoFlushAdapterBuffers
HalStartProfileInterrupt
READ_PORT_UCHAR
READ_PORT_BUFFER_ULONG
HalRequestIpi
HalGetEnvironmentVariable
IoFreeMapRegisters
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ