Static task
static1
General
Target
b9233d99ae5c31bd2cc71fe4407a8f33_JaffaCakes118
Size
411KB
MD5
b9233d99ae5c31bd2cc71fe4407a8f33
SHA1
adaf30af0be9bf4c3e9dd064ca62eb9c48bd1592
SHA256
df537cdbda7956e886e164736233e6666902cd7b74499a8b140da5ea8da42199
SHA512
288da0eadeb73737956e60ceb305bb1995075c746b828aa866f128399b109a25c2a790dfb9443d440fab37c7aad1b23d7714ff79ece852576a58b83c06709c02
SSDEEP
6144:hrLwYgPi5wTJrFZJjd391PpKPnRULoODCtFHI0tTUlUB0CUoOZ:hfUPi5C3e+LgTAUB0CUoOZ
Malware Config
Signatures
Unsigned PE (1 IoC)
Flags a PE image that carries no Authenticode signature.
resource b9233d99ae5c31bd2cc71fe4407a8f33_JaffaCakes118
Files
b9233d99ae5c31bd2cc71fe4407a8f33_JaffaCakes118.sys windows:5 windows x86 arch:x86
69f878238217424ce5327eb7829eec8b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoAllocateMdl
memmove
RtlUnwind
strcpy
strlen
_purecall
ExAllocatePoolWithTag
ExFreePool
memcpy
toupper
_allmul
RtlFreeUnicodeString
ZwOpenDirectoryObject
ZwClose
ZwQuerySymbolicLinkObject
memset
ZwOpenSymbolicLinkObject
ZwCreateFile
ZwQueryVolumeInformationFile
RtlEnlargedUnsignedDivide
RtlEnlargedUnsignedMultiply
RtlInitUnicodeString
strstr
ZwQueryDirectoryFile
vsprintf
IoCreateDevice
IoDeleteDevice
IoGetDeviceObjectPointer
IofCompleteRequest
wcstombs
_aulldiv
_aullrem
_aullshr
_strupr
_strlwr
RtlRaiseException
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
strcmp
MmGrowKernelStack
ZwReadFile
ZwWriteFile
ZwQueryInformationFile
ZwSetInformationFile
RtlConvertLongToLargeInteger
ZwDeleteFile
KeGetCurrentThread
wcscpy
wcslen
sprintf
ZwQuerySystemInformation
_allrem
_alldiv
RtlEqualUnicodeString
_stricmp
_vsnprintf
InterlockedIncrement
InterlockedDecrement
ZwFlushKey
ZwOpenKey
ZwCreateKey
ZwSetValueKey
ZwQueryValueKey
ZwQueryKey
ZwDeleteKey
RtlDeleteRegistryValue
ZwEnumerateValueKey
ZwEnumerateKey
ZwLoadKey
ZwUnloadKey
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
KeDelayExecutionThread
RtlConvertUlongToLargeInteger
PsGetVersion
ZwDeviceIoControlFile
RtlAnsiCharToUnicodeChar
Sections
.text Size: 237KB - Virtual size: 237KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 96B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
XDATA Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TEXT Size: 544B - Virtual size: 533B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ