Static task
static1
General
Target: cf6ca666bf6386343e3e77e2f576367b_JaffaCakes118
Size: 49KB
MD5: cf6ca666bf6386343e3e77e2f576367b
SHA1: 529892f14b41bc40a0158f6e14fd91d6a4757abd
SHA256: f6fdc8b7e69e207d25a58e0ed6a372f2decfcb0a7a507c9ce57828d1b76220d0
SHA512: 174fc04872e9d16b9039b8898933a9f80d7e298c096d89f357d6180bf0c1909617c7b19e16bfe7c06a9365da18a20d7be4be448b2f699583556fa2522fc05141
SSDEEP: 768:bzIMfzfy8KUze4DIXDKi9AezT9WCZZHPibH:/IMfzza4ADJNdFLi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cf6ca666bf6386343e3e77e2f576367b_JaffaCakes118
Files
cf6ca666bf6386343e3e77e2f576367b_JaffaCakes118.sys windows:4 windows x86 arch:x86
5b5e015a56492eefc3bc848f794378eb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
ZwCreateFile
ZwSetValueKey
ZwClose
ZwOpenKey
ZwEnumerateKey
KeDelayExecutionThread
ZwCreateKey
swprintf
RtlInitUnicodeString
wcscat
wcscpy
MmIsAddressValid
ZwUnmapViewOfSection
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
PsGetVersion
_wcslwr
wcsncpy
IoRegisterDriverReinitialization
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
MmGetSystemRoutineAddress
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 928B - Virtual size: 900B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 736B - Virtual size: 716B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ