Static task: static1

General
  Target: a4f30fe160939f94f149ce3058c57efb_JaffaCakes118
  Size:   27KB
  MD5:    a4f30fe160939f94f149ce3058c57efb
  SHA1:   530400bb8ca8bd02965c1af94bac8ae557cc7ade
  SHA256: 623163eabbc7cdf497108e93dde37d51b4192f5ce4be18cafbb3fadf311a62c9
  SHA512: 875ddc69df71fd8f543f0a22330ba6322a93cab0ad5e436228a9e122cc11ccb420fd6c474fa561ca7521deb1c2cd38b2cdf2ec49fe366c9764145b550fdc45ee
  SSDEEP: 768:nOgoIKDonmG/2wVy/kTA91srumLFZAxAiq2aSmu:Yw92HsET8tFq+hl
Malware Config

Signatures
  Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource a4f30fe160939f94f149ce3058c57efb_JaffaCakes118

Files
  a4f30fe160939f94f149ce3058c57efb_JaffaCakes118.sys  (windows:5, windows, x86, arch:x86)
    56e860c806d458fa9bf40f9bfc5fac8a
Headers
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  ntoskrnl.exe:
    ZwClose
    ZwDeleteValueKey
    RtlInitUnicodeString
    KeDelayExecutionThread
    _except_handler3
    PsCreateSystemThread
    ZwQueryValueKey
    ZwOpenKey
    _strnicmp
    strncmp
    IoGetCurrentProcess
    PsGetVersion
    strncpy
    IofCompleteRequest
    ExFreePool
    ZwWriteFile
    ZwSetInformationFile
    ZwReadFile
    ExAllocatePoolWithTag
    ZwQueryInformationFile
    ZwCreateFile
    wcsncmp
    wcslen
    towlower
    IoDeleteDevice
    IoCreateSymbolicLink
    IoCreateDevice
    wcscat
    wcscpy
    ZwEnumerateKey
    IoRegisterDriverReinitialization
    wcsstr
    ObfDereferenceObject
    ObQueryNameString
    ObReferenceObjectByHandle
    RtlCompareUnicodeString
    ExGetPreviousMode
    KeServiceDescriptorTable
    ZwSetValueKey
    _wcsnicmp
    RtlTimeToTimeFields
    ExSystemTimeToLocalTime
    KeQuerySystemTime
Sections
  .text   Size: 18KB  - Virtual size: 18KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .data   Size: 5KB   - Virtual size: 5KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  INIT    Size: 1KB   - Virtual size: 1KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .reloc  Size: 832B  - Virtual size: 822B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ