Static task
static1
General
-
Target
b9e599f75876598ae484d83b38de12cd_JaffaCakes118
-
Size
40KB
-
MD5
b9e599f75876598ae484d83b38de12cd
-
SHA1
471f20e15a2942631761cc8cabff71c05059a9f6
-
SHA256
1cb3cd089cae99cd6aca7754a9ecfa27e15b7b32dc2b2a1d46f481a510a6e8cf
-
SHA512
456ac4b27bacba2bbc535c7c65d603801baf00af73c217f914704cc932ea62be534e635b8497588284c9ba33bf3e1b29a9712a044dd9f7a5533b3f0a49659407
-
SSDEEP
768:ssa2SW0BJfeMQeEi5enw5IBCBXarkpBgYzBpEDrYwXCuVXmLX2ZXV5c:gZBBkeETw5cyariggo3YwXCulmr2ZD
Malware Config
Signatures
-
Unsigned PE — 1 IoC
The file carries no Authenticode signature. Because this sample is a kernel-mode driver (.sys, see Files) this is worth noting: current 64-bit Windows refuses to load unsigned drivers while driver signature enforcement is active, so an unsigned 32-bit x86 driver like this one would presumably only load on 32-bit systems or on hosts where enforcement is disabled (test-signing mode or a separate bypass) — verify against the dynamic run.
resource b9e599f75876598ae484d83b38de12cd_JaffaCakes118
Files
-
b9e599f75876598ae484d83b38de12cd_JaffaCakes118.sys windows:4 windows x86 arch:x86
5305f00004c4b33da1b47bd62ce21e2e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (all resolved from ntoskrnl.exe — consistent with a kernel-mode driver)
Analyst note — capabilities implied by the import table below: PsSetCreateProcessNotifyRoutine (registers a process-creation callback), PsCreateSystemThread with KeDelayExecutionThread (a background kernel thread that sleeps), ZwCreateKey/ZwSetValueKey/ZwDeleteKey (registry writes and deletions), ZwCreateFile/ZwSetInformationFile (file creation plus attribute changes, e.g. rename or delete disposition), IoCreateDevice/IoCreateSymbolicLink (a device object reachable from user mode), PsLookupProcessByProcessId/ObReferenceObjectByHandle (look-ups of other processes), and MmGetSystemRoutineAddress (run-time resolution of additional kernel routines, so this static list is likely incomplete). Which of these are actually exercised cannot be determined from the static report alone.
ntoskrnl.exe
ZwSetValueKey
ZwClose
swprintf
ZwOpenKey
KeQuerySystemTime
_wcsnicmp
wcslen
_stricmp
wcsstr
_wcslwr
RtlInitUnicodeString
ObfDereferenceObject
ZwQueryValueKey
RtlCopyUnicodeString
ZwDeleteKey
RtlCompareUnicodeString
ObReferenceObjectByHandle
_wcsicmp
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscat
wcscpy
_except_handler3
wcsrchr
IoDeviceObjectType
strncmp
ZwCreateKey
strncpy
PsSetCreateProcessNotifyRoutine
KeTickCount
KeQueryTimeIncrement
ZwSetInformationFile
ZwCreateFile
ExFreePool
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
PsLookupProcessByProcessId
PsCreateSystemThread
_snprintf
_snwprintf
KeDelayExecutionThread
wcschr
RtlAnsiStringToUnicodeString
IofCompleteRequest
IoRegisterDriverReinitialization
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 69B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB (readable, writable, executable and discardable; this flag combination is conventional for a driver's INIT section, which holds DriverEntry and is released after initialisation, so it is not by itself an indicator)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ