Static task
static1
General
Target: a795083f44db0a2fa3b24b935143cb77_JaffaCakes118
Size: 723KB
MD5: a795083f44db0a2fa3b24b935143cb77
SHA1: 5a834bd1cdd79d2af3a1c61d0cac52e9e95030ac
SHA256: ae92c6846b8c481818fe25068c11aa4e5f7b1943766ab209288c27b2e5177c16
SHA512: 59990c27ce8cd1b5a7230ea6ee6b5716039c3d0d108669d35b9a94955f65da619fca14e3e97673ddc95de6b5811f09ac10b57744982435f590e421eda9d1596b
SSDEEP: 12288:dAiog25fUkaI/FGwRJn87UdBOtXFgv45+DHHy9MTIm16FIqE/C01RepmXHLXVhmx:+5fhNEwRSUdBuiv45+rh/DNXHLXE
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: a795083f44db0a2fa3b24b935143cb77_JaffaCakes118
Files
a795083f44db0a2fa3b24b935143cb77_JaffaCakes118.sys windows:4 windows x86 arch:x86
8f27def3d44d3cf89693f8e94ab4e194
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
KeBugCheckEx
KeInitializeEvent
KeSetEvent
IofCallDriver
ZwClose
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
ZwQueryValueKey
PoCallDriver
IoFreeIrp
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
IoDetachDevice
RtlFreeUnicodeString
IoAllocateIrp
KeInitializeDpc
ZwOpenKey
RtlQueryRegistryValues
RtlCopyUnicodeString
IoOpenDeviceRegistryKey
IoFreeMdl
KeCancelTimer
ExFreePool
IoQueueWorkItem
IoAllocateMdl
KeInitializeTimer
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoFreeWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
KeClearEvent
ObReferenceObjectByHandle
KeSetTimer
IoSetDeviceInterfaceState
IoCancelIrp
PoSetPowerState
IoRegisterDeviceInterface
ZwSetValueKey
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
RtlAnsiStringToUnicodeString
IoWMIWriteEvent
DbgPrint
RtlInitAnsiString
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoBuildSynchronousFsdRequest
IoDeleteSymbolicLink
MmUnmapIoSpace
_vsnwprintf
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
RtlAppendUnicodeToString
MmMapIoSpace
IoReleaseRemoveLockEx
KeQueryTimeIncrement
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
_vsnprintf
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
IoDisconnectInterrupt
IoConnectInterrupt
ZwCreateFile
RtlWriteRegistryValue
ZwQuerySystemInformation
MmProbeAndLockPages
IoGetDmaAdapter
KeSetPriorityThread
KeRemoveQueueDpc
IoGetDeviceObjectPointer
Sections
.text Size: 318KB - Virtual size: 317KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 385KB - Virtual size: 385KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ