Static task
static1
General
Target
aece3ef541fccbbfb5e3d6ab973f7907_JaffaCakes118
Size
47KB
MD5
aece3ef541fccbbfb5e3d6ab973f7907
SHA1
a77ead428ec56e983eb58e9206d5dde708488bd6
SHA256
8c6f4f662db2127b9872c610d578d7fdfaf02408d945232b28e3d33d21917cb5
SHA512
289abb92b2b8b3980bd88a0ee3943ccacb306c71985039ef197fe06745838997f3f586d02d2f92f73a4a9b527cc8d88cf54213f0dc9f02abe8f8b913a861f82d
SSDEEP
384:YTVOpVmTYx/WzJk12PBOQCh3c8Ihuz95u+ns4aJoBJd2diOmdu:AVcN4OFM8tm4aJoBzQKu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aece3ef541fccbbfb5e3d6ab973f7907_JaffaCakes118
Files
aece3ef541fccbbfb5e3d6ab973f7907_JaffaCakes118.sys windows:4 windows x86 arch:x86
00f2753fba5dceefc01c25cd43f9a20a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetCurrentProcessId
RtlSetTimeZoneInformation
ZwUnloadKey
KdPollBreakIn
Exfi386InterlockedDecrementLong
RtlDecompressFragment
FsRtlRemoveLargeMcbEntry
NtReadFile
ZwResetEvent
CcScheduleReadAhead
ZwSetSystemTime
KeI386FlatToGdtSelector
RtlLargeIntegerShiftLeft
ExEventObjectType
RtlCreateRegistryKey
MmMapLockedPages
InterlockedCompareExchange
KdPollBreakIn
KiIpiServiceRoutine
ObCreateObject
PsEstablishWin32Callouts
IoStartPacket
NtQuerySecurityObject
FsRtlInitializeTunnelCache
ZwOpenProcess
ExQueueWorkItem
SeAccessCheck
ExReleaseResourceForThreadLite
SePrivilegeCheck
RtlLargeIntegerArithmeticShift
vsprintf
IoInitializeIrp
RtlUshortByteSwap
KeInitializeMutex
SeReleaseSecurityDescriptor
FsRtlLookupLargeMcbEntry
MmProbeAndLockPages
IoCreateNotificationEvent
SeFreePrivileges
_strset
IoCreateSynchronizationEvent
IoIsSystemThread
KeInsertQueueApc
RtlTimeToSecondsSince1970
KeSetTimeIncrement
IoStartNextPacket
KeSetTimer
towlower
RtlUnicodeStringToOemSize
FsRtlInitializeTunnelCache
PsChargePoolQuota
ZwCreateSection
RtlGetAce
FsRtlMdlReadComplete
ExfInterlockedPopEntryList
RtlNtStatusToDosError
KeInitializeMutant
IoSetThreadHardErrorMode
ZwSetSystemTime
RtlGetFirstRange
FsRtlNotifyFullReportChange
RtlEqualString
IofCallDriver
RtlCopyRangeList
RtlFindMessage
KeStackAttachProcess
IoFreeIrp
SeRegisterLogonSessionTerminatedRoutine
NtNotifyChangeDirectoryFile
RtlTimeToTimeFields
ExAcquireSharedStarveExclusive
RtlAreAllAccessesGranted
KeInitializeSemaphore
MmSetAddressRangeModified
KeInsertHeadQueue
NtQueryDirectoryFile
NtAllocateVirtualMemory
hal
HalAllocateCommonBuffer
IoFreeMapRegisters
WRITE_PORT_BUFFER_ULONG
HalGetEnvironmentVariable
HalSetEnvironmentVariable
HalSystemVectorDispatchEntry
IoMapTransfer
HalMakeBeep
IoWritePartitionTable
READ_PORT_BUFFER_USHORT
IoReadPartitionTable
WRITE_PORT_UCHAR
HalReadDmaCounter
HalClearSoftwareInterrupt
HalSetBusData
WRITE_PORT_ULONG
HalReadDmaCounter
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalMakeBeep
KfReleaseSpinLock
HalRequestIpi
WRITE_PORT_BUFFER_UCHAR
KeGetCurrentIrql
KeAcquireQueuedSpinLockRaiseToSynch
HalInitSystem
HalAcquireDisplayOwnership
IoFreeMapRegisters
KeLowerIrql
WRITE_PORT_ULONG
HalReturnToFirmware
IoFreeMapRegisters
KeStallExecutionProcessor
IoFreeMapRegisters
WRITE_PORT_UCHAR
KfRaiseIrql
IoSetPartitionInformation
HalHandleNMI
WRITE_PORT_BUFFER_USHORT
WRITE_PORT_BUFFER_ULONG
HalAllocateCrashDumpRegisters
HalAllocateCrashDumpRegisters
HalInitSystem
READ_PORT_BUFFER_UCHAR
KeGetCurrentIrql
IoFlushAdapterBuffers
HalSetBusDataByOffset
KeReleaseQueuedSpinLock
KeReleaseSpinLock
HalReportResourceUsage
KeReleaseQueuedSpinLock
KeAcquireQueuedSpinLockRaiseToSynch
WRITE_PORT_BUFFER_USHORT
HalReportResourceUsage
HalSetBusData
HalQueryRealTimeClock
READ_PORT_ULONG
READ_PORT_ULONG
HalSetBusDataByOffset
HalSetTimeIncrement
HalCalibratePerformanceCounter
HalGetBusDataByOffset
HalSetTimeIncrement
HalInitializeProcessor
KfRaiseIrql
READ_PORT_USHORT
HalHandleNMI
HalMakeBeep
READ_PORT_UCHAR
HalAssignSlotResources
HalQueryRealTimeClock
ExReleaseFastMutex
HalAssignSlotResources
HalReturnToFirmware
IoReadPartitionTable
HalAllocateAdapterChannel
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ