Static task
static1
General
Target
a019439c768077218730045d084b8523_JaffaCakes118
Size
40KB
MD5
a019439c768077218730045d084b8523
SHA1
315368adaeab55278a0377bc36c3a7eed0488f6d
SHA256
5e4b128cfdd1d9c9dd7011ad138d747f2e46c0fb8d1580607193e8d18ef5f45f
SHA512
96558a3b4e7e9688907741826e67c3d2062d0711a63393ae83f2d60d69d68086b91503a82284a7ad1f64a9dadb3559c705931d14263efccee25c2d4b3d806f9f
SSDEEP
768:bOY2EuuJE+0JnpWmj8ccPgfMKda35Pi5sl5gsHF6nrU0fPOO2/c+NPlnT3AYdZXm:R0lQe8LPl5hH8rY/cqXdZjo7/3j
Malware Config
Signatures
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature (the PE image is not signed).
resource a019439c768077218730045d084b8523_JaffaCakes118
Files
a019439c768077218730045d084b8523_JaffaCakes118.sys windows:4 windows x86 arch:x86
abe4f56b0910e97503c84e19583d8a59
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlInitUnicodeString
ZwClose
ZwDeleteKey
swprintf
IofCompleteRequest
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
_except_handler3
IoRegisterDriverReinitialization
ObfDereferenceObject
strncpy
IoGetCurrentProcess
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
MmIsAddressValid
IoDeviceObjectType
RtlAnsiStringToUnicodeString
_snwprintf
wcslen
wcscat
wcscpy
_wcsicmp
PsSetCreateProcessNotifyRoutine
ZwCreateKey
PsCreateSystemThread
ZwCreateFile
KeTickCount
KeQueryTimeIncrement
_stricmp
wcsncpy
KeDelayExecutionThread
KeQuerySystemTime
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwSetInformationFile
strncmp
ObReferenceObjectByHandle
wcsrchr
RtlCopyUnicodeString
RtlCompareUnicodeString
PsLookupProcessByProcessId
_wcsnicmp
_snprintf
wcsstr
_wcslwr
wcschr
MmGetSystemRoutineAddress
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 69B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ