Static task
static1
General
Target: a5a7f010ead5b1268db06e267e3851b0_JaffaCakes118
Size: 767KB
MD5: a5a7f010ead5b1268db06e267e3851b0
SHA1: 7020c6b0332e52bf4a1f2d5631d23276110913ad
SHA256: a2eca4e86e809e04e2ac7850af7d093ace2fbc88059793318d74da195bcca121
SHA512: 389ae293e362df5ed0c334f56cf150bc824985267e63039c12906676166e8cdd407db12a4f255926e11f50f736ccd6481064f3c765f12ff84b4b5dedc2a85739
SSDEEP: 12288:GUDbxSeH91N0varMxuoioLGa379OkC9xxCtVDVT2pKQNIH/W1AZf3pr4uKoJjWdn:ZlSYN0vaxoi8G3kXxT2z+Z57KmaiX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a5a7f010ead5b1268db06e267e3851b0_JaffaCakes118
Files
a5a7f010ead5b1268db06e267e3851b0_JaffaCakes118.sys windows:4 windows x86 arch:x86
f8c976136e763949dd1dffe03cb746cb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
sprintf
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlCaptureStackBackTrace
LsaCallAuthenticationPackage
_strupr
ZwAccessCheckAndAuditAlarm
IoGetDeviceObjectPointer
KeInitializeMutant
ObCreateObject
MmMapMemoryDumpMdl
RtlCheckRegistryKey
KeInitializeEvent
SeLockSubjectContext
RtlUshortByteSwap
KeGetPreviousMode
KeUnstackDetachProcess
PsReferenceImpersonationToken
ZwCancelTimer
ZwSetInformationFile
IoDeleteDevice
ZwReplaceKey
ExInterlockedAddLargeStatistic
RtlUpcaseUnicodeToOemN
LdrAccessResource
RtlUnicodeStringToOemSize
IoAcquireVpbSpinLock
RtlUnicodeToMultiByteSize
ZwSetDefaultUILanguage
NlsMbCodePageTag
SeSystemDefaultDacl
READ_REGISTER_UCHAR
CcPinRead
CcFastCopyWrite
FsRtlAcquireFileExclusive
FsRtlPrepareMdlWriteDev
KeI386AbiosCall
MmProbeAndLockProcessPages
FsRtlNumberOfRunsInLargeMcb
MmIsNonPagedSystemAddressValid
NtSetInformationProcess
MmSecureVirtualMemory
KeStackAttachProcess
ExInitializePagedLookasideList
IoSynchronousInvalidateDeviceRelations
RtlQueryAtomInAtomTable
RtlZeroMemory
IoAllocateErrorLogEntry
IoCheckEaBufferValidity
ZwDeleteFile
IoCreateSymbolicLink
ExExtendZone
ExIsProcessorFeaturePresent
IoRaiseHardError
RtlGetAce
atoi
MmFreePagesFromMdl
PoRegisterDeviceNotify
_global_unwind2
IoCreateDevice
IoCreateUnprotectedSymbolicLink
ZwSetInformationObject
ZwDuplicateToken
ExDeleteResourceLite
ZwClearEvent
RtlSubtreePredecessor
IoRequestDeviceEject
RtlSetTimeZoneInformation
ZwQuerySection
ZwQueryInformationProcess
MmQuerySystemSize
IoGetRequestorProcess
ZwEnumerateKey
RtlTraceDatabaseAdd
RtlFindClearBitsAndSet
RtlCompressBuffer
strncpy
wctomb
KeCancelTimer
SePublicDefaultDacl
IoInvalidateDeviceState
KeQueryPriorityThread
Sections
.text Size: 349KB - Virtual size: 348KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 359B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 402KB - Virtual size: 401KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ