Static task
static1
General
-
Target
964d3fbaecc08e1b88596ccf72362876_JaffaCakes118
-
Size
40KB
-
MD5
964d3fbaecc08e1b88596ccf72362876
-
SHA1
f9640ce181f54e38c123f36b712c4691dd25ea08
-
SHA256
b9132fda95fb02585bb773f647fcc28f3494aa7f1cd654f9604750e378f29f75
-
SHA512
1414e11624cbc5a1e1f9dd8210b2be28c1fd45dd99019157e96b7233c7cd8cb7130bc4bee76cc1d48b70d010eb9a888fd5bd205978441e9e0d4a4d830abde46d
-
SSDEEP
768:843nNvNmwNmO9Bti0LxW7Gmi+Ip9V5BDw7d9D9Hh8tpVc5P5EE0zIaNR6:TNVLbp47GmiN9V5BAd9zk+lqp8SR6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 964d3fbaecc08e1b88596ccf72362876_JaffaCakes118
Files
-
964d3fbaecc08e1b88596ccf72362876_JaffaCakes118.sys windows:4 windows x86 arch:x86
2f1289306719781fd174a933f754ad5e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncpy
PsLookupProcessByProcessId
_stricmp
ZwClose
RtlInitUnicodeString
_wcsicmp
wcsncpy
wcslen
wcsrchr
RtlCompareUnicodeString
swprintf
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
wcscat
wcscpy
KeTickCount
KeQueryTimeIncrement
ZwOpenKey
_wcsnicmp
PsCreateSystemThread
ZwSetValueKey
_except_handler3
strncmp
ObfDereferenceObject
RtlCopyUnicodeString
IoDeviceObjectType
wcsstr
_wcslwr
KeQuerySystemTime
ZwDeleteKey
ObReferenceObjectByHandle
ExFreePool
ExAllocatePoolWithTag
ZwSetInformationFile
ZwCreateFile
PsSetCreateProcessNotifyRoutine
ZwCreateKey
KeDelayExecutionThread
_snprintf
IofCompleteRequest
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
MmGetSystemRoutineAddress
_snwprintf
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcschr
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 58B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ