Static task
static1
General
Target: bbe499531d5ea217b6e6d08aa221566b_JaffaCakes118
Size: 739KB
MD5: bbe499531d5ea217b6e6d08aa221566b
SHA1: bb770a09076603be7a5e2e511e842167bfe80c9d
SHA256: 15c4ef05a44f3600c6bf0d60065c58dbaa97a2043e2e94cf60c9d4d8c636374a
SHA512: a7558f51939751051edb308424b50733af19124f357e1149d59f82d1a6a54b540f23641ff29b3d66f2664fb8dc9f9c4041b471ea6af6800497b6dbc6e00c090d
SSDEEP: 12288:7qizZL3/Ac5kw42G+0rrIyZ3VMguEybfufa4p1VAskeLin+esnkoAtnbMxDp0z8Z:7qizZL34c5z0r/zvG2fJs17+1nkttnmL
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource bbe499531d5ea217b6e6d08aa221566b_JaffaCakes118
Files
bbe499531d5ea217b6e6d08aa221566b_JaffaCakes118.sys windows:4 windows x86 arch:x86
e48a6ae05c77c7db3e618ae8e3708461
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
MmCreateMdl
RtlGetCompressionWorkSpaceSize
sprintf
SeDeleteAccessState
SeQuerySessionIdToken
IoDeviceHandlerObjectType
RtlUnicodeToMultiByteN
IoStartNextPacketByKey
CcDeferWrite
ExRaiseAccessViolation
FsRtlFindInTunnelCache
RtlFreeUnicodeString
ZwCancelIoFile
KiCoprocessorError
RtlNtStatusToDosErrorNoTeb
RtlAppendAsciizToString
LpcRequestPort
RtlLookupElementGenericTableFull
MmRemovePhysicalMemory
NtRequestPort
FsRtlReleaseFile
SeQuerySecurityDescriptorInfo
RtlTraceDatabaseFind
CcScheduleReadAhead
FsRtlMdlRead
IoGetAttachedDevice
ExDesktopObjectType
RtlFindUnicodePrefix
RtlRealPredecessor
_allmul
memcpy
RtlIntegerToChar
NtAllocateUuids
RtlAnsiCharToUnicodeChar
PsReferencePrimaryToken
IoCreateDevice
MmUnlockPages
IoGetDriverObjectExtension
NtDuplicateToken
KeUnstackDetachProcess
MmSetAddressRangeModified
ObQueryNameString
RtlInitializeRangeList
KdPollBreakIn
IoConnectInterrupt
KePulseEvent
IoAcquireRemoveLockEx
PfxInitialize
_except_handler2
RtlMapGenericMask
RtlUpcaseUnicodeString
SeAssignSecurity
wcsncmp
RtlCreateAcl
ExSystemExceptionFilter
FsRtlOplockIsFastIoPossible
ExInterlockedExtendZone
rand
RtlFindMessage
IoCheckQuotaBufferValidity
MmGetPhysicalAddress
KeTickCount
RtlPrefetchMemoryNonTemporal
ZwQuerySymbolicLinkObject
LsaLookupAuthenticationPackage
PsThreadType
RtlNumberGenericTableElements
FsRtlFastCheckLockForWrite
RtlPinAtomInAtomTable
READ_REGISTER_USHORT
ZwQueryInformationProcess
RtlSizeHeap
RtlFindSetBits
RtlClearBits
ZwRequestWaitReplyPort
ZwEnumerateValueKey
IoVerifyVolume
Ke386SetIoAccessMap
RtlGetDefaultCodePage
RtlImageNtHeader
ZwQuerySection
ZwDeleteFile
RtlUnicodeStringToOemString
RtlAddRange
IoCreateUnprotectedSymbolicLink
RtlCheckRegistryKey
Sections
.text Size: 331KB - Virtual size: 330KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 395KB - Virtual size: 394KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ