Static task
static1
General
Target
aa46aeaf7b3639aa2cb08ce3fc304f9b_JaffaCakes118
Size
46KB
MD5
aa46aeaf7b3639aa2cb08ce3fc304f9b
SHA1
cd1f18db88d79960e922038845ff8f885ae28e1b
SHA256
461da09f477bcabecf5310642fc1a5aa62092179f1cecf834244f04762d74adc
SHA512
c1f9dcf672c949229b65853efc45c89690c15d28b8ce614986057895a1085e3da582d9f516759cd31fb13bdaa8c7eaf85c4badf38e760f237638c96a6ee7596a
SSDEEP
384:DVS2dEzd7v2ddDVwuaeKvXocw7/dGdB7r6u7rZqCoCcJM1lN:DiedWZeSXVy1gBf9fX/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aa46aeaf7b3639aa2cb08ce3fc304f9b_JaffaCakes118
Files
aa46aeaf7b3639aa2cb08ce3fc304f9b_JaffaCakes118.sys windows:4 windows x86 arch:x86
9a02530d26d1be93ee5c1d6c45a90cd3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcsncat
ZwMapViewOfSection
ExInterlockedInsertHeadList
IoUnregisterFileSystem
ExInterlockedExtendZone
wcscspn
NtWaitForSingleObject
SeSetSecurityDescriptorInfoEx
ExFreePoolWithTag
Mm64BitPhysicalAddress
IoIsFileOriginRemote
Ke386CallBios
ZwDeleteKey
KeInsertHeadQueue
KeI386MachineType
Exfi386InterlockedDecrementLong
ExCreateCallback
ExfInterlockedInsertHeadList
RtlInitializeSid
RtlUpcaseUnicodeStringToCountedOemString
islower
RtlEnumerateGenericTable
NtSetInformationProcess
MmIsRecursiveIoFault
_snwprintf
NtQueryVolumeInformationFile
sprintf
MmForceSectionClosed
RtlInitString
IoWriteTransferCount
IoCallDriver
RtlExtendedIntegerMultiply
RtlDeleteAtomFromAtomTable
ObInsertObject
IoStartNextPacketByKey
RtlCaptureContext
IoBuildDeviceIoControlRequest
RtlNtStatusToDosErrorNoTeb
IoCreateUnprotectedSymbolicLink
RtlFindUnicodePrefix
ZwFsControlFile
MmGetPhysicalMemoryRanges
IoCreateNotificationEvent
RtlInitAnsiString
IoCheckDesiredAccess
FsRtlAddToTunnelCache
ZwSetDefaultUILanguage
HalPrivateDispatchTable
ExReinitializeResourceLite
RtlDeleteRegistryValue
SeReleaseSecurityDescriptor
RtlDescribeChunk
ZwCreateSection
hal
HalRequestIpi
KeAcquireSpinLock
HalClearSoftwareInterrupt
KeQueryPerformanceCounter
KeQueryPerformanceCounter
ExAcquireFastMutex
KeRaiseIrqlToDpcLevel
HalSetProfileInterval
HalGetEnvironmentVariable
HalReadDmaCounter
ExTryToAcquireFastMutex
HalSystemVectorDispatchEntry
HalSetProfileInterval
KeQueryPerformanceCounter
IoFreeMapRegisters
KeRaiseIrql
HalStopProfileInterrupt
HalAllProcessorsStarted
HalHandleNMI
READ_PORT_USHORT
HalQueryDisplayParameters
READ_PORT_BUFFER_UCHAR
IoReadPartitionTable
KfAcquireSpinLock
IoMapTransfer
KdComPortInUse
KeGetCurrentIrql
HalStartNextProcessor
KeReleaseQueuedSpinLock
KfRaiseIrql
WRITE_PORT_BUFFER_ULONG
ExAcquireFastMutex
HalAdjustResourceList
HalSystemVectorDispatchEntry
READ_PORT_USHORT
IoSetPartitionInformation
HalAllProcessorsStarted
IoFlushAdapterBuffers
READ_PORT_UCHAR
KeRaiseIrqlToDpcLevel
HalRequestSoftwareInterrupt
KeRaiseIrqlToSynchLevel
HalGetEnvironmentVariable
IoReadPartitionTable
IoWritePartitionTable
HalGetBusData
HalSetTimeIncrement
HalFlushCommonBuffer
ExReleaseFastMutex
READ_PORT_USHORT
KfLowerIrql
ExReleaseFastMutex
IoFlushAdapterBuffers
HalStartProfileInterrupt
READ_PORT_UCHAR
READ_PORT_BUFFER_ULONG
HalRequestIpi
HalGetEnvironmentVariable
IoFreeMapRegisters
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ