Static task
static1
General
Target: 9538a47443ec5999b490e68b46ab944d_JaffaCakes118
Size: 148KB
MD5: 9538a47443ec5999b490e68b46ab944d
SHA1: 7b425afd4f0527186382f3bb51424ed741ee57ce
SHA256: 91a8b255a58e65dc5b000208327b70b832eb07a12dab9c7f037e8455c0d048bf
SHA512: 645aa88dafd8833d8c79aa6542ddd2e6a37531fee02b1d63bf833cfdb4d1fa0de3fed89251c2e5f6ed9da97ce8bd880d127a4eb292d8927f8b1e09222ebaa218
SSDEEP: 3072:xEHWGJnMyqnQk2TkI13mJClDGxWTLtz7cBrUNxI3E+8JKuq1mlgPfaGo4tcB:xEHWGlMuk2gKmJs6xoAUD0E+BujlqNc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9538a47443ec5999b490e68b46ab944d_JaffaCakes118
Files
9538a47443ec5999b490e68b46ab944d_JaffaCakes118.sys windows:4 windows x86 arch:x86
ee4800580c0f65fa145171786aa6647f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
ntoskrnl.exe
IoCreateUnprotectedSymbolicLink
IoWriteOperationCount
KefReleaseSpinLockFromDpcLevel
RtlOemStringToCountedUnicodeString
IoRegisterLastChanceShutdownNotification
strlen
PsThreadType
ZwFlushKey
_alldiv
RtlRandom
RtlWriteRegistryValue
KiReleaseSpinLock
ExAllocatePoolWithTagPriority
RtlFindFirstRunClear
RtlDeleteElementGenericTable
SePrivilegeCheck
IoWMIRegistrationControl
ProbeForRead
_aulldiv
ZwOpenKey
ZwCreateKey
CcPinMappedData
ExRegisterCallback
ExAllocateFromPagedLookasideList
ObGetObjectSecurity
READ_REGISTER_USHORT
IoGetDeviceInterfaces
KiAcquireSpinLock
ZwUnloadDriver
KeRemoveEntryDeviceQueue
KeInsertQueueApc
ExDeleteNPagedLookasideList
RtlSetOwnerSecurityDescriptor
FsRtlIsNameInExpression
KeReadStateMutex
RtlSetGroupSecurityDescriptor
ZwQuerySystemInformation
ObInsertObject
NlsOemLeadByteInfo
FsRtlLookupLastLargeMcbEntry
FsRtlMdlReadDev
_snwprintf
KdEnteredDebugger
ZwOpenFile
WRITE_REGISTER_BUFFER_USHORT
RtlEqualUnicodeString
NtFsControlFile
IoUpdateShareAccess
RtlLengthSid
IoReleaseVpbSpinLock
ZwCreateSection
CcSetDirtyPinnedData
ZwFsControlFile
_alldvrm
RtlAreBitsSet
PoRegisterSystemState
InbvInstallDisplayStringFilter
SeAssignSecurityEx
ExReleaseFastMutexUnsafe
SeDeassignSecurity
RtlZeroHeap
IoDetachDevice
ExAllocatePool
IoGetDeviceInterfaceAlias
strcpy
PoSetSystemState
_allmul
KeClearEvent
KeSetPriorityThread
ExfInterlockedInsertTailList
ExSystemTimeToLocalTime
CcSetAdditionalCacheAttributes
SeAssignSecurity
RtlUpcaseUnicodeChar
RtlInitString
FsRtlNotifyFilterReportChange
RtlImageDirectoryEntryToData
IoCreateStreamFileObjectLite
hal
HalSetTimeIncrement
READ_PORT_BUFFER_ULONG
IoMapTransfer
HalProcessorIdle
KfAcquireSpinLock
READ_PORT_ULONG
KeTryToAcquireQueuedSpinLockRaiseToSynch
KeFlushWriteBuffer
HalReportResourceUsage
KfRaiseIrql
HalAllocateCrashDumpRegisters
IoFlushAdapterBuffers
WRITE_PORT_UCHAR
HalEndSystemInterrupt
HalClearSoftwareInterrupt
KeRaiseIrqlToDpcLevel
IoFreeMapRegisters
KfReleaseSpinLock
HalSetBusDataByOffset
HalGetBusDataByOffset
WRITE_PORT_BUFFER_UCHAR
KeAcquireQueuedSpinLock
KeRaiseIrql
WRITE_PORT_ULONG
HalAllocateAdapterChannel
KeLowerIrql
HalSetProfileInterval
HalReturnToFirmware
HalSetEnvironmentVariable
HalTranslateBusAddress
HalStopProfileInterrupt
KeReleaseQueuedSpinLock
KeRaiseIrqlToSynchLevel
HalInitSystem
READ_PORT_UCHAR
HalMakeBeep
HalCalibratePerformanceCounter
HalSetBusData
KeReleaseSpinLock
HalSetRealTimeClock
WRITE_PORT_BUFFER_ULONG
KeAcquireQueuedSpinLockRaiseToSynch
HalInitializeProcessor
HalRequestIpi
READ_PORT_BUFFER_UCHAR
Sections
DATA Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 940B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 128B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ