Static task
static1
General
Target: b672645be311069295cd0ed8fbc7c70e_JaffaCakes118
Size: 16KB
MD5: b672645be311069295cd0ed8fbc7c70e
SHA1: f83096934fc1c3df8c01375e428dc56a7a2eaee7
SHA256: 7d879f99dc807ab3912c8d8fb2a76bdbacd94f10fe6e88d64a9abf8b775c887d
SHA512: cf4ec3b0b56b64369a558bde092acc83a11957f87a88cc05d588251096d2b62d7380013ef17a8574e7a432d19ada592579a8b1b3e761acf37cec6780d6f2af35
SSDEEP: 384:3u/0w8NItBq7t5myTivc6nMzjFwZrmv1mdY6TeIdgXgW:3LNItoB5ml0wCmZrigdYIqw
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource b672645be311069295cd0ed8fbc7c70e_JaffaCakes118
Files
b672645be311069295cd0ed8fbc7c70e_JaffaCakes118.sys windows:4 windows x86 arch:x86
4d83217f79b814729f12a1de14f29bfe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
isxdigit
strstr
ZwClose
swprintf
atoi
isupper
toupper
KeDelayExecutionThread
ZwCreateKey
wcslen
RtlInitUnicodeString
wcscat
wcscpy
strchr
RtlAnsiStringToUnicodeString
isprint
atol
islower
isdigit
strrchr
MmIsAddressValid
ZwCreateFile
srand
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
isspace
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
tolower
PsGetVersion
DbgPrint
ZwUnmapViewOfSection
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
_wcslwr
wcsncpy
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwEnumerateKey
ZwSetValueKey
ZwOpenKey
strncmp
IoGetCurrentProcess
_wcsnicmp
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 864B - Virtual size: 858B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ