Static task
static1
General
Target
b0a2aa90470e171575d19b46a8716789_JaffaCakes118
Size
40KB
MD5
b0a2aa90470e171575d19b46a8716789
SHA1
0eff6a232c5036c7a83614cc412a08653d6afc35
SHA256
88ad0fe2a5e7d616da795c40965e6ac42d6e7a385f26a65caff5d94329a5727c
SHA512
424b0f4b1a0b58517f4f47265357f750b2938853ba9aed6129c5838c05e6c2efd6c6b77955d6673d2812e19c7d03267d4c789dfdebccc36b11e032e62b30520e
SSDEEP
768:NxI2udsX3HgJNIHB8eMBF0TbtW5cKDv7s7JF+lhGDuE2CT6/eX:zINmHmNIcv+EW8jQ8AuiL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature on the PE file.
resource b0a2aa90470e171575d19b46a8716789_JaffaCakes118
Files
b0a2aa90470e171575d19b46a8716789_JaffaCakes118.sys windows:4 windows x86 arch:x86
a9b2005cda0e7ef56df9f18e4e04b41d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlCompareUnicodeString
RtlInitUnicodeString
_wcsnicmp
wcslen
ObfDereferenceObject
ZwSetValueKey
ObReferenceObjectByHandle
IoRegisterDriverReinitialization
ZwClose
PsGetVersion
ZwDeleteKey
ZwOpenKey
ZwCreateKey
swprintf
wcsncpy
wcsrchr
KeTickCount
KeQueryTimeIncrement
_stricmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_wcsicmp
strncmp
ZwSetInformationFile
ZwCreateFile
wcscpy
MmIsAddressValid
IoGetCurrentProcess
ZwQueryValueKey
_except_handler3
ExFreePool
_snprintf
ExAllocatePoolWithTag
IoDeviceObjectType
wcsstr
_wcslwr
_snwprintf
wcschr
PsSetCreateProcessNotifyRoutine
RtlCopyUnicodeString
strncpy
PsLookupProcessByProcessId
wcscat
IofCompleteRequest
KeDelayExecutionThread
KeQuerySystemTime
RtlAnsiStringToUnicodeString
PsCreateSystemThread
MmGetSystemRoutineAddress
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 64B - Virtual size: 50B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ