Static task
static1
General
Target: 9661a0852da18d104158d7cab087e82d_JaffaCakes118
Size: 9KB
MD5: 9661a0852da18d104158d7cab087e82d
SHA1: 6f0f6d90937f82463d1ad0d27e279c04806f4813
SHA256: 010101e52b79c7f4642912902b1c73b20e4e91e94001aa0234c72a5ff69b5740
SHA512: 2044bbe31f2f944f20ac9a839bab381c30f36ec37452099c5f8c99e55fe54755c5726b175ec726985dac243f6882bcf849faac01cb75dd391fc130cc9224922b
SSDEEP: 192:ipgH3QfKa89u9yR/i98k1CK7XO4jb7mfH6OZR71:i3lpok8CTdjmfH
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 9661a0852da18d104158d7cab087e82d_JaffaCakes118
Files
9661a0852da18d104158d7cab087e82d_JaffaCakes118.sys (windows:4, windows, x86, arch:x86)
eea3a65e41268a423c0ba656b2160fc0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeServiceDescriptorTable
IoFreeMdl
MmUnmapLockedPages
ZwDeviceIoControlFile
ZwEnumerateValueKey
ZwEnumerateKey
ZwQueryDirectoryFile
InterlockedExchange
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePool
IofCompleteRequest
ExAllocatePoolWithTag
RtlCompareMemory
wcslen
ProbeForRead
_except_handler3
IoCreateSymbolicLink
MmCreateMdl
ZwClose
ObReferenceObjectByHandle
ZwOpenProcess
ZwQuerySystemInformation
_strnicmp
MmIsAddressValid
MmHighestUserAddress
KeDetachProcess
ZwQueryInformationProcess
KeAttachProcess
MmBuildMdlForNonPagedPool
IoCreateDevice
MmMapLockedPages
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 294B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 868B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 686B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
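The "Unsigned PE" signature above and the Headers/Sections listing can both be reproduced from the raw PE headers without a sandbox. The Python below is an added example written for this page, not code from the report or its tooling: it hand-parses the DOS, COFF and optional headers, reads the Certificate Table data directory (entry 4, whose address field is a raw file offset rather than an RVA) to decide whether an embedded Authenticode blob is present, and lists the file and section characteristics the way the report does. The sample image it analyses is constructed in `build_sample_pe()` and is not the 9661a085... driver; it only carries headers, a `.text` section entry and, in the signed variant, a placeholder WIN_CERTIFICATE header with dummy DER bytes, so it is not a loadable driver. Two caveats a practitioner should keep in mind when reading the "Unsigned PE" IoC for a 32-bit driver: presence of a certificate table only says a signature blob exists, not that it validates (use `signtool verify /v /kp` or `Get-AuthenticodeSignature` for that), and catalog-signed drivers have no embedded certificate table at all, so this check alone does not prove a driver would be rejected by signature enforcement.

```python
"""Hand-parse PE headers to reproduce static report fields (added example, constructed input)."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # Certificate Table slot in the data directory
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 SignedData

MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "arm", 0xAA64: "arm64"}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flags(value, table):
    """Expand a bitmask into the flag names the report prints, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Return machine, OS version, file characteristics, Authenticode presence and sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase shifts everything after it by 16
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    n_rva = struct.unpack_from("<I", data, opt + nrva_off)[0]

    # Certificate Table: "VirtualAddress" here is a file offset to a WIN_CERTIFICATE blob.
    cert_off = cert_size = 0
    if n_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    signed = False
    if cert_off and cert_size >= 8 and cert_off + cert_size <= len(data):
        _length, _revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
        signed = cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA  # presence only, not validity

    sections = []
    table = opt + opt_size
    for i in range(nsect):
        name, vsize, _va, rawsize, _rawptr, _r, _l, _nr, _nl, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _flags(sflags, SECTION_CHARACTERISTICS)})
    return {"machine": MACHINES.get(machine, hex(machine)), "os_version": (os_major, os_minor),
            "characteristics": _flags(chars, FILE_CHARACTERISTICS),
            "authenticode_present": signed, "sections": sections}


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 (x86, OS version 4.0, one .text section); NOT the report's driver."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    chars = 0x0002 | 0x0004 | 0x0008 | 0x0100  # same four flags the report lists
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<HH", opt, 40, 4, 0)     # Major/MinorOperatingSystemVersion
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    cert = b""
    if signed:
        body = b"\x30\x82" + b"\x00" * 14      # placeholder bytes, not a real PKCS#7 blob
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x200, len(cert))
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1400, 0x1000, 0x1400, 0x400, 0, 0, 0, 0,
                       0x20 | 0x20000000 | 0x40000000)
    image = bytearray(dos + b"PE\0\0" + coff + opt + text)
    if signed:
        image += b"\0" * (0x200 - len(image)) + cert
    return bytes(image)


if __name__ == "__main__":
    for signed in (False, True):
        info = parse_pe(build_sample_pe(signed))
        print("Authenticode present:", info["authenticode_present"], "|", info["machine"],
              "windows:%d" % info["os_version"][0], ", ".join(info["characteristics"]))
        for s in info["sections"]:
            print("  %-8s vsize=%d raw=%d %s" % (s["name"], s["virtual_size"],
                                                 s["raw_size"], " ".join(s["flags"])))
```

To run it against a real sample, pass `open(path, "rb").read()` to `parse_pe()`; the import table is deliberately not walked here, so the ntoskrnl.exe import names in the report still need a full PE parser.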