Static task
static1
General
Target
adcf22b04db33c69d50a9fa1818b5600_JaffaCakes118
Size
77KB
MD5
adcf22b04db33c69d50a9fa1818b5600
SHA1
c368adb8945340146ddde1337ea45a561c5e2763
SHA256
6e8690b77fc50e15f16ab0a9ff479f66c9dbee889bb13a7b64e3225daefd2483
SHA512
be1d5a2c0315b067670caf9b828dc4ff84b046462a4ac2b1e94b7bb7f6b81058ed6cac0bc17697ef08d31d1da8924d6e5f4640f71d73bce4f267fd80f193d81c
SSDEEP
1536:vv9VbidOqseNsJCmgBSlbGE4GndCMUE0UzGBUXJyo8mllQN0:nHTqse2JNgBSlbd8ElCUXJyo/L
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource adcf22b04db33c69d50a9fa1818b5600_JaffaCakes118
Files
adcf22b04db33c69d50a9fa1818b5600_JaffaCakes118.sys windows:5 windows x86 arch:x86
04c12401dc55a9e9470bbbcf0b7f7f83
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePoolWithTag
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
MmIsDriverVerifying
MmLockPagableDataSection
DbgPrompt
DbgBreakPoint
MmUnlockPagableImageSection
ZwQueryVolumeInformationFile
IoBuildDeviceIoControlRequest
IoCancelIrp
MmBuildMdlForNonPagedPool
IoGetCurrentProcess
memmove
IoGetTopLevelIrp
KeTickCount
KeWaitForMultipleObjects
MmProbeAndLockProcessPages
MmMapLockedPagesSpecifyCache
KeClearEvent
KeInitializeSemaphore
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeReleaseSemaphore
ProbeForRead
ProbeForWrite
KeQueryInterruptTime
ZwUnloadDriver
ZwLoadDriver
MmHighestUserAddress
MmIsNonPagedSystemAddressValid
ExRaiseStatus
IoAllocateMdl
MmProbeAndLockPages
RtlCompareMemory
IoReuseIrp
IoAllocateIrp
IoFileObjectType
ZwEnumerateKey
ExAllocatePoolWithTag
KeInitializeTimer
KeInitializeDpc
IoGetDeviceObjectPointer
KeSetTimerEx
MmQuerySystemSize
MmIsThisAnNtAsSystem
IoGetAttachedDeviceReference
KeNumberProcessors
IoCreateSymbolicLink
IoDeleteSymbolicLink
MmPageEntireDriver
MmResetDriverPaging
MmGetSystemRoutineAddress
ZwOpenKey
ZwQueryValueKey
IofCallDriver
IofCompleteRequest
ExInitializeResourceLite
IoSetTopLevelIrp
ZwCreateFile
ObReferenceObjectByHandle
IoGetRelatedDeviceObject
ZwClose
KeInitializeSpinLock
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExAcquireResourceExclusiveLite
SeSinglePrivilegeCheck
KeDelayExecutionThread
IoFreeIrp
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
KeBugCheckEx
IoGetStackLimits
ObfReferenceObject
MmUnlockPages
IoFreeMdl
ExGetPreviousMode
KeSetEvent
KeWaitForSingleObject
KeGetCurrentThread
RtlEqualUnicodeString
ExQueueWorkItem
IoDetachDevice
KeInitializeEvent
IoCreateDevice
IoDeleteDevice
ExReleaseResourceLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ObfDereferenceObject
RtlCompareUnicodeString
ZwReadFile
PsGetCurrentProcessId
ExDeleteResourceLite
RtlInitUnicodeString
hal
KfRaiseIrql
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KfLowerIrql
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 580B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ