Static task
static1
General
Target: ada63a48eef838c58c6d2004a30e514a_JaffaCakes118
Size: 47KB
MD5: ada63a48eef838c58c6d2004a30e514a
SHA1: 539b85304911b3bab99e47a0c8fc26d59f1c8780
SHA256: 129255031cd146f7a3b4fe08cfcb7405cfe592ee00283e0b619010b2ae2c26c7
SHA512: 104697df0287013550493850e1730807760ab83930919f43bdffd5b39e87a90fa4f9d0ffa4e9c6e01bcd1c25a633d599e105f679c764d298975059f099234f0a
SSDEEP: 384:KVOpVmTYx/WzJk12PBOQCh3c8Ihuz95u+ns4aJoBJd2diOmdu:KVcN4OFM8tm4aJoBzQKu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ada63a48eef838c58c6d2004a30e514a_JaffaCakes118
Files
ada63a48eef838c58c6d2004a30e514a_JaffaCakes118.sys windows:4 windows x86 arch:x86
00f2753fba5dceefc01c25cd43f9a20a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetCurrentProcessId
RtlSetTimeZoneInformation
ZwUnloadKey
KdPollBreakIn
Exfi386InterlockedDecrementLong
RtlDecompressFragment
FsRtlRemoveLargeMcbEntry
NtReadFile
ZwResetEvent
CcScheduleReadAhead
ZwSetSystemTime
KeI386FlatToGdtSelector
RtlLargeIntegerShiftLeft
ExEventObjectType
RtlCreateRegistryKey
MmMapLockedPages
InterlockedCompareExchange
KdPollBreakIn
KiIpiServiceRoutine
ObCreateObject
PsEstablishWin32Callouts
IoStartPacket
NtQuerySecurityObject
FsRtlInitializeTunnelCache
ZwOpenProcess
ExQueueWorkItem
SeAccessCheck
ExReleaseResourceForThreadLite
SePrivilegeCheck
RtlLargeIntegerArithmeticShift
vsprintf
IoInitializeIrp
RtlUshortByteSwap
KeInitializeMutex
SeReleaseSecurityDescriptor
FsRtlLookupLargeMcbEntry
MmProbeAndLockPages
IoCreateNotificationEvent
SeFreePrivileges
_strset
IoCreateSynchronizationEvent
IoIsSystemThread
KeInsertQueueApc
RtlTimeToSecondsSince1970
KeSetTimeIncrement
IoStartNextPacket
KeSetTimer
towlower
RtlUnicodeStringToOemSize
FsRtlInitializeTunnelCache
PsChargePoolQuota
ZwCreateSection
RtlGetAce
FsRtlMdlReadComplete
ExfInterlockedPopEntryList
RtlNtStatusToDosError
KeInitializeMutant
IoSetThreadHardErrorMode
ZwSetSystemTime
RtlGetFirstRange
FsRtlNotifyFullReportChange
RtlEqualString
IofCallDriver
RtlCopyRangeList
RtlFindMessage
KeStackAttachProcess
IoFreeIrp
SeRegisterLogonSessionTerminatedRoutine
NtNotifyChangeDirectoryFile
RtlTimeToTimeFields
ExAcquireSharedStarveExclusive
RtlAreAllAccessesGranted
KeInitializeSemaphore
MmSetAddressRangeModified
KeInsertHeadQueue
NtQueryDirectoryFile
NtAllocateVirtualMemory
hal
HalAllocateCommonBuffer
IoFreeMapRegisters
WRITE_PORT_BUFFER_ULONG
HalGetEnvironmentVariable
HalSetEnvironmentVariable
HalSystemVectorDispatchEntry
IoMapTransfer
HalMakeBeep
IoWritePartitionTable
READ_PORT_BUFFER_USHORT
IoReadPartitionTable
WRITE_PORT_UCHAR
HalReadDmaCounter
HalClearSoftwareInterrupt
HalSetBusData
WRITE_PORT_ULONG
HalReadDmaCounter
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalMakeBeep
KfReleaseSpinLock
HalRequestIpi
WRITE_PORT_BUFFER_UCHAR
KeGetCurrentIrql
KeAcquireQueuedSpinLockRaiseToSynch
HalInitSystem
HalAcquireDisplayOwnership
IoFreeMapRegisters
KeLowerIrql
WRITE_PORT_ULONG
HalReturnToFirmware
IoFreeMapRegisters
KeStallExecutionProcessor
IoFreeMapRegisters
WRITE_PORT_UCHAR
KfRaiseIrql
IoSetPartitionInformation
HalHandleNMI
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_ULONG
HalAllocateCrashDumpRegisters
HalAllocateCrashDumpRegisters
HalInitSystem
READ_PORT_BUFFER_UCHAR
KeGetCurrentIrql
IoFlushAdapterBuffers
HalSetBusDataByOffset
KeReleaseQueuedSpinLock
KeReleaseSpinLock
HalReportResourceUsage
KeReleaseQueuedSpinLock
KeAcquireQueuedSpinLockRaiseToSynch
WRITE_PORT_BUFFER_USHORT
HalReportResourceUsage
HalSetBusData
HalQueryRealTimeClock
READ_PORT_ULONG
READ_PORT_ULONG
HalSetBusDataByOffset
HalSetTimeIncrement
HalCalibratePerformanceCounter
HalGetBusDataByOffset
HalSetTimeIncrement
HalInitializeProcessor
KfRaiseIrql
READ_PORT_USHORT
HalHandleNMI
HalMakeBeep
READ_PORT_UCHAR
HalAssignSlotResources
HalQueryRealTimeClock
ExReleaseFastMutex
HalAssignSlotResources
HalReturnToFirmware
IoReadPartitionTable
HalAllocateAdapterChannel
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ