Static task
static1
General
Target
8e1db5d6b16f82230a5a1b7cfeedb13c_JaffaCakes118
Size
40KB
MD5
8e1db5d6b16f82230a5a1b7cfeedb13c
SHA1
ccf8a0d263d38fe3cc65fd8b9570f02ffe7ec9f0
SHA256
053a6fce5e362f5e5b36375b16cf91d7120d7e6a0602dd4a9623f9871acb5783
SHA512
40509e42c16c8cb81b275a6d04192c4aaed82b662f96711d25d494214b803daf2331afd098e79eb0d9533a670aeb96cf4a599ac65ad8bf6822ce84e727671c28
SSDEEP
768:sD2LVdqNl5D7Rs6bMaTldtV7/gLTLPkeNNy+Uv//d0MpsVChNMhTYzFgpIvIq8iB:N2l5Da6bMIlB7/gDPTNNWFzGVChNMhwB
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the file.
resource 8e1db5d6b16f82230a5a1b7cfeedb13c_JaffaCakes118
Files
8e1db5d6b16f82230a5a1b7cfeedb13c_JaffaCakes118.sys windows:4 windows x86 arch:x86
b27fcc71cfe5f8aa91da8f65695d4031
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeQuerySystemTime
ZwClose
ZwDeleteKey
ZwOpenKey
RtlInitUnicodeString
swprintf
ZwSetValueKey
ZwCreateKey
MmIsAddressValid
wcsstr
_wcslwr
ZwQueryValueKey
RtlCopyUnicodeString
KeDelayExecutionThread
wcslen
_except_handler3
ObReferenceObjectByHandle
PsGetVersion
KeTickCount
KeQueryTimeIncrement
_stricmp
_wcsicmp
wcsncpy
wcsrchr
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoDeviceObjectType
ZwCreateFile
strncmp
IoGetCurrentProcess
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
wcscat
wcscpy
_wcsnicmp
ExFreePool
ExAllocatePoolWithTag
_snwprintf
_snprintf
IofCompleteRequest
wcschr
ZwSetInformationFile
strncpy
PsLookupProcessByProcessId
PsCreateSystemThread
MmGetSystemRoutineAddress
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 78B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ