Static task
static1
General
Target: bcd7479599fabd4c0cb38000d3878bff_JaffaCakes118
Size: 39KB
MD5: bcd7479599fabd4c0cb38000d3878bff
SHA1: c91c2ca75298d269615d4fb479f8d3c37d5b6d35
SHA256: 29f861690ee6e2fab5990808207c32a53bf3c3afffe3e3844f2a7f570d82e5fb
SHA512: afa19219df279959bd0f18f00312c4b94bc4eb53e8a0f870084137917278e8dcc8580c74c05129d74c1a1cc0d324191ad6ce8f1ce90f1c27e92e259f419e8157
SSDEEP: 384:oOVaqbLboSJYAI9W3ENZxX082fCIpjdvUXitIJgHJU77Ak+/WZG30AWNn+FSvla1:TVvbZYp9Lxbv+UXit7+7AWZB+FSa3zT9
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource bcd7479599fabd4c0cb38000d3878bff_JaffaCakes118
Files
bcd7479599fabd4c0cb38000d3878bff_JaffaCakes118.sys windows:4 windows x86 arch:x86
4a683e50000c2f99f09caa142060d4a3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
ExFreePool
memset
ExAllocatePoolWithTag
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
DbgPrint
strcat
sprintf
KeLeaveCriticalRegion
KeEnterCriticalRegion
ObReferenceObjectByName
PsGetCurrentProcessId
KeReleaseMutex
KeWaitForSingleObject
RtlCompareMemory
memmove
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
ZwDeviceIoControlFile
RtlWriteRegistryValue
wcscat
wcscpy
PsLookupProcessByProcessId
ZwOpenProcess
ZwQuerySystemInformation
strlen
strcpy
ExGetPreviousMode
_strnicmp
DbgBreakPoint
RtlFreeAnsiString
ZwQueryDirectoryFile
RtlUnicodeStringToAnsiString
_except_handler3
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ZwEnumerateValueKey
ZwEnumerateKey
ZwQueryKey
ZwClose
ZwCreateKey
ZwOpenKey
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
KeInitializeMutex
InterlockedExchange
KeServiceDescriptorTable
_wcsicmp
RtlQueryRegistryValues
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitAnsiString
RtlCopyUnicodeString
RtlEqualUnicodeString
RtlAppendUnicodeStringToString
RtlUnicodeStringToInteger
RtlIntegerToUnicodeString
IoGetCurrentProcess
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeInitializeSpinLock
PsGetVersion
wcslen
_wcsnicmp
strncat
memcpy
hal
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ