Static task
static1
General
Target
95c9c542ac0f5e2fe892700834db961f_JaffaCakes118
Size
40KB
MD5
95c9c542ac0f5e2fe892700834db961f
SHA1
671b87f97a97c0e8a6651e7aa3650337c9b1e175
SHA256
19667da5f2f9b36b55a5274f814cb35176a5cd11fe09570c0fd4c1556536c00a
SHA512
b68cd904fcd083698dcb6b35e6cfc4febcf32eda4d3a272db48176a9f29238dc3c8194dbffa0acdc995907f71d068f3697d30d24cda4b027973d33303e1370db
SSDEEP
768:rMZW5nrbPXJb90FoPyRCENsJP0L/QdNyY31T0rghQlQIoLehBjmBzfM0KpRssm1O:rMZW5rz0FsxYDKya9AAQuAmpXyRsZ8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 95c9c542ac0f5e2fe892700834db961f_JaffaCakes118
Files
95c9c542ac0f5e2fe892700834db961f_JaffaCakes118.sys windows:4 windows x86 arch:x86
4c4cb8a0e9e57329089f991cab92e5b8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
ZwDeleteKey
swprintf
ZwSetValueKey
wcslen
ZwQueryValueKey
ZwOpenKey
_except_handler3
ObReferenceObjectByHandle
RtlCopyUnicodeString
wcscat
wcscpy
ZwCreateKey
strncmp
IoGetCurrentProcess
IoDeviceObjectType
PsGetVersion
IofCompleteRequest
KeDelayExecutionThread
KeQuerySystemTime
RtlAnsiStringToUnicodeString
_wcsicmp
wcsncpy
wcsrchr
ObfDereferenceObject
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
ZwSetInformationFile
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_snwprintf
wcschr
_snprintf
PsCreateSystemThread
strncpy
PsLookupProcessByProcessId
_stricmp
_wcsnicmp
wcsstr
_wcslwr
KeTickCount
KeQueryTimeIncrement
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 51B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ