Static task
static1
General
-
Target
b2dfb8f4f27b25a670babd3da0b2bcd7_JaffaCakes118
-
Size
40KB
-
MD5
b2dfb8f4f27b25a670babd3da0b2bcd7
-
SHA1
08f34c1282ed4de95425d6d18a746dda4296f851
-
SHA256
42d3132b694524fe0fe88a2e32b0e04a3fc7dd0238894e38da43f337aa572645
-
SHA512
4bb52941959e46dce2699f01b4225edf0232fcaa16a7b8e5431b2722c7348cfa9056bbba857a2a01f84a0df6933e0338aeb5ce7d5139dcbb1bf379aa9b40bc9a
-
SSDEEP
768:XW9dam/pVBW4M2P9omem+2U23Y6bdZn/tyCCv8YjaVM47s:G9ddbW12CLm+2U2IIZn/tyCCPjKrY
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource b2dfb8f4f27b25a670babd3da0b2bcd7_JaffaCakes118
Files
-
b2dfb8f4f27b25a670babd3da0b2bcd7_JaffaCakes118.sys windows:4 windows x86 arch:x86
81c5423b20861ecaa9d275c340118570
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
ObReferenceObjectByHandle
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
wcslen
swprintf
wcscat
wcscpy
_snwprintf
wcschr
strncpy
strncmp
ZwDeleteKey
ZwCreateFile
_wcsnicmp
ZwCreateKey
wcsrchr
RtlCopyUnicodeString
ZwSetValueKey
_except_handler3
IoRegisterDriverReinitialization
IofCompleteRequest
RtlCompareUnicodeString
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
KeQuerySystemTime
_wcsicmp
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
_snprintf
IoDeviceObjectType
PsSetCreateProcessNotifyRoutine
wcsstr
_wcslwr
KeDelayExecutionThread
KeTickCount
KeQueryTimeIncrement
_stricmp
ZwSetInformationFile
MmGetSystemRoutineAddress
PsLookupProcessByProcessId
RtlAnsiStringToUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 68B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ