Static task
static1
General
Target: aa96de58bdc960e8839a4c3588f45791_JaffaCakes118
Size: 6KB
MD5: aa96de58bdc960e8839a4c3588f45791
SHA1: 82bc6a829b6f24d1fb3d25bb07d2f334925c76f1
SHA256: e2f26fef5fb5b86770df812bc26a8baeb324ca64dcabef5547b914d019466dc4
SHA512: a5745c8c19d46aee627af1fcfe135977cf8ad8b7a58d4c15fab11087360596a0254a0db764e7942e70a636000e3f601d4317da3c2199008924648a5cbc55316e
SSDEEP: 96:dZgM17gbltXTmqGLB2/DiRq/x2zRoUtKnsAW2Cu3Viz8wtz1cd9j:hWrXTmqG12LiQ/xXPsAlliz8wYdd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aa96de58bdc960e8839a4c3588f45791_JaffaCakes118
Files
aa96de58bdc960e8839a4c3588f45791_JaffaCakes118.sys windows:5 windows x86 arch:x86
b0b67eef723ce5dcb251767cfb6250ab
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ExAllocatePoolWithTag
wcscmp
KeServiceDescriptorTable
NtBuildNumber
ZwSetValueKey
ZwOpenKey
_except_handler3
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 640B - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 382B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ