Static task
static1
General
Target: c13cded6079562508c58648e431af2f1_JaffaCakes118
Size: 48KB
MD5: c13cded6079562508c58648e431af2f1
SHA1: 37acdd78d37658ffbe665ecdccce465666dd0bd7
SHA256: 89000959eff631e55705abda524853c3f142904bb449353c58c9709d305328eb
SHA512: cf6a0f3a5500251c1c3971c4bd09137b493772b423609929edfec8c7796c3c0de4a91478171c4e2fe1e8f077c7462f6172b60cfa7b4edfaca168965cbf120455
SSDEEP: 768:RtXdBuc60XGPIyyVILBkCNNFB9bkYj8N46Q7JdrBb3g8ICA:Rxdcc7Qe2N2leddrBbVd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c13cded6079562508c58648e431af2f1_JaffaCakes118
Files
c13cded6079562508c58648e431af2f1_JaffaCakes118.sys windows:4 windows x86 arch:x86
98fb13f1840cf5dd07dec37ad750c295
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
wcscat
wcscpy
ExAllocatePoolWithTag
wcslen
ZwClose
ZwCreateFile
RtlInitUnicodeString
wcsrchr
memcpy
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoCreateDevice
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
swprintf
_strnicmp
IoGetCurrentProcess
strlen
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IoDeleteDevice
IoCreateSymbolicLink
KeQuerySystemTime
ZwSetValueKey
ZwDeviceIoControlFile
IoDeleteSymbolicLink
ExFreePool
PsGetCurrentProcessId
_stricmp
PsLookupProcessByProcessId
PsGetCurrentThreadId
InterlockedExchange
_wcsnicmp
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
KeServiceDescriptorTable
ZwOpenKey
ZwEnumerateKey
MmGetSystemRoutineAddress
memset
IoDetachDevice
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
RtlCopyUnicodeString
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
IoFreeIrp
ObQueryNameString
memmove
KeUnstackDetachProcess
sprintf
ZwAllocateVirtualMemory
KeStackAttachProcess
ObOpenObjectByPointer
PsProcessType
ZwDeleteKey
ZwSetInformationFile
ZwWriteFile
ZwCreateKey
ZwQueryValueKey
ZwReadFile
ZwQueryInformationFile
wcsstr
wcschr
IofCompleteRequest
MmUnmapIoSpace
MmMapIoSpace
strcpy
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ