Static task
static1
General
Target: aa69bb205f345122e98e52e7f054f1f6_JaffaCakes118
Size: 30KB
MD5: aa69bb205f345122e98e52e7f054f1f6
SHA1: ebd7511152244f11ffbd0566649e7b273f894894
SHA256: 55f446ad41f8efc5b27d768374d879d8dd3a6e17e46a9de7a98544271fb2ca2a
SHA512: 608d6aef3b14dc3b47a2ef52aa28ebc8f822f1abbb5d629aee4c05c7b66b7f1a2d749fd4fa9fa325dc5e34f2046385d8c02b4635beda3f0528fb5362125b6136
SSDEEP: 768:2y3W7StbRDfJPZvmwBtqWpCkRNJQNylmEih9grBXiC0u:22tFB4W/5dKu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aa69bb205f345122e98e52e7f054f1f6_JaffaCakes118
Files
aa69bb205f345122e98e52e7f054f1f6_JaffaCakes118.sys windows:5 windows x86 arch:x86
e7f854b224aef4c7228fcbf0d543630e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncmp
wcslen
towlower
ZwClose
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwOpenKey
RtlInitUnicodeString
KeDelayExecutionThread
wcsstr
ZwQueryValueKey
_except_handler3
ZwCreateFile
IoRegisterDriverReinitialization
ZwDeleteValueKey
PsCreateSystemThread
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
_strnicmp
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
strncmp
strncpy
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 832B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ