Static task
static1
General
-
Target
a3c98d771e56fa4332b19be93bfb0752_JaffaCakes118
-
Size
40KB
-
MD5
a3c98d771e56fa4332b19be93bfb0752
-
SHA1
720570234a2535a4749ad5395903fb3ebd7e9f17
-
SHA256
9bdcb664b952bccf2362b56d19254dd8b325ad8b13db12d1384d4e2413fd4134
-
SHA512
ab4f4544a3ca5deb384faeae19b8b989307026ce98538dc0000579bd3d099066ff359d2971fcaa0e708e4aa090b75a1dd89dc98c183cf446206b4c7d67a30a2e
-
SSDEEP
768:mBM54SqUYWfxBDCRln7FgKTF9NmK5cGXjq8Yuo2sAgGMtpPkEtX6s5nNCr58ln:7DqqDCRlmojNmcq8zoS3WVBN08
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. For a kernel-mode driver (the target is a `.sys`, x86 image) this matters more than for a user-mode binary: 64-bit Windows enforces kernel-mode code signing, so an unsigned driver like this can only load on 32-bit Windows or on a system where enforcement has been disabled (test-signing mode or a bypass). Treat the absence of a signature as a strong indicator that the file is not a vendor-shipped driver.
resource a3c98d771e56fa4332b19be93bfb0752_JaffaCakes118
Files
-
a3c98d771e56fa4332b19be93bfb0752_JaffaCakes118.sys windows:4 windows x86 arch:x86
2051ea562c0d2d8465d73459c9610614
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
Note: every import resolves against ntoskrnl.exe, confirming a kernel-mode driver. Capabilities visible from the import table: a process-creation callback (PsSetCreateProcessNotifyRoutine), a kernel worker thread (PsCreateSystemThread) with sleeps (KeDelayExecutionThread), full registry read/write/delete (ZwOpenKey, ZwQueryValueKey, ZwCreateKey, ZwSetValueKey, ZwDeleteKey), file creation/modification (ZwCreateFile, ZwSetInformationFile), process-object lookup and address probing (PsLookupProcessByProcessId, IoGetCurrentProcess, MmIsAddressValid), a device object with a symbolic link that user-mode code can open (IoCreateDevice, IoCreateSymbolicLink — an IOCTL control path is likely but not proven here), deferred initialisation after boot (IoRegisterDriverReinitialization), and runtime resolution of kernel exports (MmGetSystemRoutineAddress), which means this static list may not be the complete set of kernel routines the driver calls. The case-insensitive wide-string helpers (_wcslwr, _wcsicmp, _wcsnicmp, wcsstr) are consistent with name-based matching of processes, keys or files, though the matched strings are not shown in this report.
_stricmp
swprintf
wcsstr
_wcslwr
wcslen
wcscat
wcscpy
_wcsicmp
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
_snwprintf
wcsncpy
wcschr
strncmp
ExFreePool
_snprintf
ExAllocatePoolWithTag
_wcsnicmp
ObfDereferenceObject
RtlAnsiStringToUnicodeString
ZwCreateKey
wcsrchr
ZwDeleteKey
PsCreateSystemThread
ObReferenceObjectByHandle
KeQuerySystemTime
MmIsAddressValid
IoGetCurrentProcess
strncpy
PsLookupProcessByProcessId
IoDeviceObjectType
ZwSetInformationFile
ZwCreateFile
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
RtlCompareUnicodeString
IofCompleteRequest
ZwSetValueKey
PsSetCreateProcessNotifyRoutine
RtlCopyUnicodeString
KeDelayExecutionThread
KeTickCount
KeQueryTimeIncrement
Sections (note: beyond the usual .text/.rdata/.data, the image carries eight PAGE* code sections whose virtual sizes are only 3–52 bytes — an unusual layout that likely reflects the build toolchain's section pragmas rather than meaningful pageable code; the INIT section is flagged writable as well as executable, which is worth a look during manual analysis)
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 52B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB (discardable initialisation code that is both writable and executable; confirm during analysis that it holds only DriverEntry-time setup and is released after load)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ