Static task
static1
General
Target: bb254ce07226cb96fc2a89bb75d9a76e_JaffaCakes118
Size: 185KB
MD5: bb254ce07226cb96fc2a89bb75d9a76e
SHA1: c74f53159ef71c104f5914156111d6fa3f15f7d6
SHA256: 97601b61ca05bcbbc8728df517c182d94ff7108d01d29c64c8dadeda4a0e7c1f
SHA512: 1c7f3af1f79043b183159f432545fc1e40ceabb41fb4b566b55221ea0ecdd98c7ca725f7cea734f6c551ee4ae23dc403f7e9ba3d8e532e1d5ec731870feb53cf
SSDEEP: 3072:lk2RcfChLSgVf8sJWOXX+/qN8exwRUdZt+2nPrBmeFJEFH:lNGMLRpJWOXXCRUrvProQJEFH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bb254ce07226cb96fc2a89bb75d9a76e_JaffaCakes118
Files
bb254ce07226cb96fc2a89bb75d9a76e_JaffaCakes118.sys windows:5 windows x86 arch:x86
b059e5b9bc4372dc0b0271a041b36189
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePool
CcGetFlushedValidData
KeEnterCriticalRegion
RtlCopyLuid
_wcsrev
SeCreateAccessState
MmIsNonPagedSystemAddressValid
ZwDeleteValueKey
RtlUnicodeStringToCountedOemString
LdrEnumResources
IoBuildAsynchronousFsdRequest
SeTokenType
NtQueryInformationProcess
RtlDecompressBuffer
InbvDisplayString
ExIsResourceAcquiredExclusiveLite
LdrFindResource_U
PsSetLoadImageNotifyRoutine
PoSetSystemState
IoCheckEaBufferValidity
CcIsThereDirtyData
ZwQueryObject
ZwQuerySystemInformation
SeQuerySecurityDescriptorInfo
RtlUpcaseUnicodeStringToAnsiString
NtLockFile
ExFreePool
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 115KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE