Static task
static1
General
-
Target
b1233d98ae2d47c63554772fde464e34_JaffaCakes118
-
Size
2KB
-
MD5
b1233d98ae2d47c63554772fde464e34
-
SHA1
6f8d2fcc16b06e28359516dfa0d5f3b5e14de543
-
SHA256
201453d09c8f6ccf34f90fcf54b76ecc65dac9594307101176815c489b309fd9
-
SHA512
47229997707cfdff84e23684a690c850f750dea0f6041b8c7794dc3d6de66ee9d91f3a6793dc279f0365e6cf07b6c0335e85f84fa16b5b365eeaa4783b7ee1a6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b1233d98ae2d47c63554772fde464e34_JaffaCakes118
Files
-
b1233d98ae2d47c63554772fde464e34_JaffaCakes118.sys windows:4 windows x86 arch:x86
3986ce064b2894be3878437c0a210092
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwTerminateProcess
ZwClose
_wcsicmp
PsSetLoadImageNotifyRoutine
ZwOpenProcess
Sections
.text Size: 288B - Virtual size: 276B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 192B - Virtual size: 168B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 114B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ