Static task
static1
General
Target: a37b5908c17ba4d2cf3f12aa9ba0e13b_JaffaCakes118
Size: 32KB
MD5: a37b5908c17ba4d2cf3f12aa9ba0e13b
SHA1: da33e8a0510daa00aca133a9b19d6ee84cb180c1
SHA256: 0602c16ddbda17db423e0993d0710e7f4521237b91cba6fbe6091f266848bd78
SHA512: 592fc63e1021f8fc04dd37a86cf746f9cda1f920e138c10a5cb25d677f61352bcdecab6eb72b716fc0191f1f0d160a853eedc38293639d44c809a8af12226b4d
SSDEEP: 768:9xq0zj+MBwY7IvTPxpJuBt+EdvVQHMoNcA:Dq0zj+Ew849pJuBBvKH12
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a37b5908c17ba4d2cf3f12aa9ba0e13b_JaffaCakes118
Files
a37b5908c17ba4d2cf3f12aa9ba0e13b_JaffaCakes118.sys windows:4 windows x86 arch:x86
9a9d9bcf4e219b07a684a99409ade9aa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwQueryValueKey
KeWaitForSingleObject
MmBuildMdlForNonPagedPool
ZwWriteFile
PsCreateSystemThread
IoFreeMdl
NtClose
IoGetDeviceObjectPointer
ExInitializeNPagedLookasideList
ZwSetValueKey
_wcsnicmp
MmMapLockedPages
ZwCreateKey
IoFreeIrp
ZwDeleteKey
ObfDereferenceObject
ZwFlushKey
_stricmp
ExAllocatePoolWithTag
KeGetCurrentThread
_wcsicmp
ExFreePoolWithTag
memset
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
ZwClose
KeDelayExecutionThread
KefReleaseSpinLockFromDpcLevel
IoAllocateIrp
ExInterlockedPopEntrySList
KefAcquireSpinLockAtDpcLevel
IoAllocateMdl
ExInterlockedPushEntrySList
ZwSetInformationFile
KeSetEvent
KeInitializeEvent
RtlUnwind
PsLookupThreadByThreadId
PsLookupProcessByProcessId
KeStackAttachProcess
KeInsertQueueApc
KeUnstackDetachProcess
KeInitializeApc
ZwQuerySystemInformation
MmGetPhysicalAddress
MmHighestUserAddress
PsGetVersion
hal
KfAcquireSpinLock
KfReleaseSpinLock
ndis.sys
NdisAllocateBufferPool
NdisAllocateBuffer
NdisFreePacketPool
NdisFreePacket
NdisOpenAdapter
NdisCloseAdapter
NdisFreeBufferPool
NdisDeregisterProtocol
NdisFreeMemory
NdisAllocatePacketPool
NdisAllocatePacket
NdisAllocateMemoryWithTag
NdisRegisterProtocol
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ