Static task
static1
General
Target
b9538bf848fb400d4aea6432740e3db1_JaffaCakes118
Size
40KB
MD5
b9538bf848fb400d4aea6432740e3db1
SHA1
6307f04554ee67ce581892b724338295c75b9a57
SHA256
818d7245cefc987fef09dea4964ef583fa6d2dade90214763323a3fb3460e048
SHA512
45e4f3300c4f026989c7a0b118802fc90940c5960db48e785345c0638af0fbf902e06f1d6c5e030b5cb4758b600f6d34bf34bf42bec0549692531af0885e15ef
SSDEEP
768:cjyFzI4r7JprjO4oN6DwZjdO3MwRNPrqPXY5n2r4+hrpqxuW7CMCTBWtxDSY:PFE4rlprK4J+jgMwbPuPo5nv+h0UW2rz
Malware Config (none extracted by the static pass)
Signatures
Unsigned PE — 1 IoC
The file carries no embedded Authenticode signature. Two caveats for triage: this check only looks at an embedded signature, so a file signed via a Windows catalog would also be reported here as unsigned; and a missing signature is a weak indicator on its own. It matters more for this sample because it is a kernel driver (.sys): on 64-bit Windows an unsigned driver will not load without test-signing mode or a signature-enforcement bypass, whereas this build is 32-bit x86, where legacy Windows versions did not enforce kernel-mode code signing.
resource b9538bf848fb400d4aea6432740e3db1_JaffaCakes118
Files
b9538bf848fb400d4aea6432740e3db1_JaffaCakes118.sys windows:4 windows x86 arch:x86
8bd84945f865a2cd87fb54edf7e07ebf (unlabeled 32-hex-digit value under the file entry; likely the import hash (imphash) — confirm before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (all from ntoskrnl.exe — capability hints only; an import shows the routine is linked, not that it is called). Notable: PsSetCreateProcessNotifyRoutine (registers a process-creation callback), IoCreateDevice / IoCreateSymbolicLink / IofCompleteRequest (exposes a device object, i.e. a user-mode control interface), ZwCreateKey / ZwSetValueKey / ZwDeleteKey / ZwQueryValueKey (registry read, write and delete), ZwCreateFile / ZwSetInformationFile (file creation and modification from kernel mode), MmGetSystemRoutineAddress (resolves further kernel routines at runtime, so the static import list may be incomplete), PsLookupProcessByProcessId / IoGetCurrentProcess (process-object lookup), PsCreateSystemThread and KeDelayExecutionThread (a background system thread), and IoRegisterDriverReinitialization (deferred initialization after boot).
ntoskrnl.exe
ZwClose
PsCreateSystemThread
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
ZwOpenKey
RtlInitUnicodeString
wcsncpy
wcsrchr
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
ZwSetValueKey
ZwSetInformationFile
ZwCreateFile
wcslen
wcscpy
swprintf
RtlCopyUnicodeString
wcscat
ExFreePool
ExAllocatePoolWithTag
IoRegisterDriverReinitialization
_wcsnicmp
_stricmp
wcsstr
_wcslwr
IoDeviceObjectType
ZwQueryValueKey
_except_handler3
RtlAnsiStringToUnicodeString
KeQuerySystemTime
RtlCompareUnicodeString
ZwCreateKey
_wcsicmp
KeDelayExecutionThread
PsGetVersion
_snwprintf
wcschr
IoGetCurrentProcess
strncmp
IofCompleteRequest
strncpy
PsLookupProcessByProcessId
ZwDeleteKey
_snprintf
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeQueryTimeIncrement
Sections (note: INIT is marked code + execute + write, i.e. RWX; this is common for discardable driver init sections produced by older DDK/linker toolchains and is not by itself suspicious. The many tiny PAGE* sections with virtual sizes of 3–10 bytes likewise look like a legacy build layout rather than packing — confirm in dynamic analysis.)
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 72B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ