Static task
static1
General
Target: b07a64b5db8d1ab947a0774ce2a5aec8_JaffaCakes118
Size: 27KB
MD5: b07a64b5db8d1ab947a0774ce2a5aec8
SHA1: 69d7d5cafa6a885154160e2d7f652a444d4c752e
SHA256: 2220af479ce728368074d10e97ee13a16cbf4698a58a45c24d704fc897b77e77
SHA512: 70ce430bfe8e06a0b65d79ecfba8f0c04486e1b39e448af770df4002159c173f54959a4b59979bc7c4b50dd1b2b2f7cb92fddb0c07d7fdd67cf30dd1f518fdd1
SSDEEP: 192:Ww+9Z4DqqtPvtJc/2Mpt0/08zkkJhZ+jiICkHkc8KzFH2:b+9atPv/ceM/0VkkJI3Hkc8Kzl2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b07a64b5db8d1ab947a0774ce2a5aec8_JaffaCakes118
Files
b07a64b5db8d1ab947a0774ce2a5aec8_JaffaCakes118.sys windows:6 windows x86 arch:x86
ceba30b1ce89a093faffdc3da6fc8ee4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePoolWithTag
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
_strnicmp
IoGetCurrentProcess
strncmp
KeUnstackDetachProcess
ProbeForRead
KeStackAttachProcess
PsLookupProcessByProcessId
ProbeForWrite
memcpy
PsGetCurrentProcessId
KeSetEvent
ObfDereferenceObject
KeGetCurrentThread
KeServiceDescriptorTable
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
memset
RtlCompareMemory
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwClose
KeWaitForSingleObject
memmove
KeTickCount
KeBugCheckEx
IofCompleteRequest
ObReferenceObjectByHandle
KeInitializeEvent
RtlUnwind
hal
ExReleaseFastMutex
ExAcquireFastMutex
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 980B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ