Static task
static1
General
Target: 955e4bf2c402727605eeb04e6af3e978_JaffaCakes118
Size: 26KB
MD5: 955e4bf2c402727605eeb04e6af3e978
SHA1: 43b09a73ace8b1f6c346607d1aa7b91a35df3c1c
SHA256: 06e4273a4e996c6eedad95956a59ef63d82c63603c7c258a85d16cf37379554a
SHA512: 655d9abeb4cf404af9399258e962bf0ec3c47b3f5f718d0e51846d6ef0f2a884aae75bf4648ce8f3a0f74a4504e42e6c25d49fd5c9963f2c625b0be6217b2f4a
SSDEEP: 768:RePce6NO0mG/iifWeI7aNqfePDT8AmyghUu:Ew0G/iJsQes+yJ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 955e4bf2c402727605eeb04e6af3e978_JaffaCakes118
Files
955e4bf2c402727605eeb04e6af3e978_JaffaCakes118.sys windows:5 windows x86 arch:x86
8940ca15bf73a3919138b0998d41ae8e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwDeleteValueKey
RtlInitUnicodeString
KeDelayExecutionThread
_except_handler3
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
ExFreePool
ZwEnumerateKey
ExAllocatePoolWithTag
wcsncmp
wcslen
towlower
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
_strnicmp
wcsstr
IoRegisterDriverReinitialization
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ