Static task
static1
General
Target: a8a392ff0ebf1c7926eeff0e0a123c12_JaffaCakes118
Size: 41KB
MD5: a8a392ff0ebf1c7926eeff0e0a123c12
SHA1: 0cde43d3f9320d014d460d34d70d782603c1f517
SHA256: 63f98558597bd7cf4feeef06656501cbe4fdae09d0392a853bcf65fe4a9512e9
SHA512: 1af1028bae2f125647e433b945ec222410bd7d7eb2fc585aa03697ce086d94fdfd4f742374d149d2c9f158ec978b255792a1ad29d828d6793aa6791079543463
SSDEEP: 768:RbgJgB4rVNrZMX8DEbyX/A9wnX4Qu4ZlMdcrhW67lQQg24RzYhSSvsPBjZuj:lhBSTSX8DKI/AWnoQu4odcrjlQxb1BIF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a8a392ff0ebf1c7926eeff0e0a123c12_JaffaCakes118
Files
a8a392ff0ebf1c7926eeff0e0a123c12_JaffaCakes118.sys windows:4 windows x86 arch:x86
421b19591d8639ac308fd5e07cf11fa9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ProbeForRead
KeServiceDescriptorTable
IofCompleteRequest
RtlMapGenericMask
KeSetEvent
KeInsertQueueApc
ExAllocatePoolWithTag
KeInitializeMutex
KeDetachProcess
PsCreateSystemThread
PsLookupProcessByProcessId
ZwClose
RtlCopyUnicodeString
MmProbeAndLockPages
MmMapLockedPages
KeReleaseMutex
ZwEnumerateKey
MmUnlockPages
KeWaitForSingleObject
MmUnmapLockedPages
IoCancelIrp
IoFreeMdl
NtSetInformationProcess
_stricmp
SeDeleteAccessState
IoGetDeviceObjectPointer
IoFreeIrp
swprintf
RtlInitUnicodeString
ObReferenceObjectByHandle
wcsstr
ZwOpenEvent
KeAttachProcess
PsSetCreateProcessNotifyRoutine
wcstombs
wcsncpy
SeCreateAccessState
KeUnstackDetachProcess
ObfReferenceObject
ZwMapViewOfSection
IoGetRelatedDeviceObject
_wcslwr
IoReuseIrp
wcschr
KeInitializeEvent
ZwReadFile
_except_handler3
ExFreePoolWithTag
IofCallDriver
IoAllocateMdl
ZwQueryInformationFile
KeDelayExecutionThread
ZwCreateKey
wcscpy
_wcsnicmp
IoAllocateIrp
KeGetCurrentThread
ZwCreateFile
IoGetCurrentProcess
KeInitializeApc
_allmul
ZwOpenKey
IoFileObjectType
PsGetCurrentProcessId
ZwOpenSection
ZwSetValueKey
ProbeForWrite
ObCreateObject
_strnicmp
ZwDeleteKey
ZwUnmapViewOfSection
PsTerminateSystemThread
strncpy
wcslen
KeStackAttachProcess
PsLookupThreadByThreadId
KeClearEvent
MmBuildMdlForNonPagedPool
ZwQuerySystemInformation
ZwCreateEvent
SeSetAccessStateGenericMapping
ZwOpenFile
hal
ExReleaseFastMutex
ExAcquireFastMutex
Sections
.code Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE