Static task
static1
General
Target
a5295f6484c411ee1d0f1a5f0527b8d4_JaffaCakes118
Size
48KB
MD5
a5295f6484c411ee1d0f1a5f0527b8d4
SHA1
0dfef003573ccff1e1a974a70331adb719187db2
SHA256
b31adb49c3409feacfd68c9d332c6e492a23f70fe2b710d379691041077ba278
SHA512
f859dc87f0364e23a55df0fef52aa0e23576b4f0aa407cc3d63239b2e76256f08378877e8a46ebd0ee6051a6c9f186afd19739706840e07446bb6884b8f23932
SSDEEP
1536:PLFn+BfkH0rRoHENEI+B+gwQYK3Zg3WBkWTeiU4lLf:PLc4xNeU/eiU4lL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a5295f6484c411ee1d0f1a5f0527b8d4_JaffaCakes118
Files
a5295f6484c411ee1d0f1a5f0527b8d4_JaffaCakes118.sys windows:4 windows x86 arch:x86
a1fbcee4d3a43ae054b629d0c09a0f2c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
_strnicmp
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlInitUnicodeString
wcscat
wcscpy
ZwClose
PsCreateSystemThread
ExFreePool
ZwEnumerateKey
ExAllocatePoolWithTag
ZwOpenKey
KeDelayExecutionThread
ZwCreateFile
IoRegisterDriverReinitialization
ZwDeleteValueKey
_except_handler3
ZwQueryValueKey
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
wcsncmp
towlower
IofCompleteRequest
strncmp
strncpy
wcsstr
MmGetSystemRoutineAddress
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 986B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 864B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ