Static task
static1
General
Target
bb14de6654485934bce0c58c2de6eef2_JaffaCakes118
Size
40KB
MD5
bb14de6654485934bce0c58c2de6eef2
SHA1
6658e492b70d4c7fed7efd6e9f8b6c4f6c073e22
SHA256
6575b636e6d26b5995f4b1fa54c73833e1807256e1a1169d95635ef37bf8f742
SHA512
b6e77b4e79f57cdd86481e468b63370a94f8d518349813446dce58594052eaf94591b1af103e46e17b7a954e720274f507f4912087686f25c9c2e2875de5d64d
SSDEEP
768:w/1yzxqjVHx3IifO1+5EeQLvn3ukVF//LLZ0DTMP1a3h2ibu9qdU0OpATrOxi304:e1smHx3IifOM6vbn3ukL/3ZmMw3h2ii8
Malware Config
Signatures
Unsigned PE (1 IoC)
The PE file carries no Authenticode signature.
resource bb14de6654485934bce0c58c2de6eef2_JaffaCakes118
Files
bb14de6654485934bce0c58c2de6eef2_JaffaCakes118.sys windows:4 windows x86 arch:x86
e666bcf0026b6aac2a6d29290eb96216
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
PsCreateSystemThread
IofCompleteRequest
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
ZwQueryValueKey
RtlInitUnicodeString
ZwSetValueKey
strncmp
RtlCompareUnicodeString
MmIsAddressValid
IoDeviceObjectType
_wcsicmp
wcsncpy
wcslen
wcsrchr
swprintf
ObReferenceObjectByHandle
_snwprintf
ZwOpenKey
IoRegisterDriverReinitialization
KeQuerySystemTime
ZwCreateKey
wcscat
wcscpy
KeDelayExecutionThread
_except_handler3
strncpy
PsLookupProcessByProcessId
_stricmp
KeTickCount
KeQueryTimeIncrement
_wcsnicmp
wcschr
ZwDeleteKey
ZwSetInformationFile
ZwCreateFile
wcsstr
_wcslwr
PsSetCreateProcessNotifyRoutine
_snprintf
RtlAnsiStringToUnicodeString
IoGetCurrentProcess
MmGetSystemRoutineAddress
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
PsGetVersion
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 83B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 736B - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ