Static task
static1
General
-
Target
d4cfdca40877de09e58d8311c5fb2704_JaffaCakes118
-
Size
21KB
-
MD5
d4cfdca40877de09e58d8311c5fb2704
-
SHA1
dea48dae4ba2886acee21f30a79cce4c9ace680e
-
SHA256
24b51d32286f81736dcfef9c6457e6316df2e1747dac4fe4422f2211e533a024
-
SHA512
35bd70674891f3eed6a9387edb90fd79ac7951de82c3b7ac372ec7d5766198f7506bfd9c4a6ff9df1d77350cb5dec3f69596e834738c033aefa7dd7bc6449f4e
-
SSDEEP
384:+/8EwcL1ol3bYqgavN8wQHyQWQ2tBLjJX0V:+kEwcL18bY0wcQ2LVX0
Malware Config
Signatures
-
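Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The file carries no signature, so its publisher and integrity cannot be verified that way. On its own this is a weak indicator; weigh it together with the kernel-mode imports and section flags listed under Files below.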
resource d4cfdca40877de09e58d8311c5fb2704_JaffaCakes118
Files
-
d4cfdca40877de09e58d8311c5fb2704_JaffaCakes118.sys windows:5 windows x86 arch:x86
e1079efc09106b4dbeacb15bce14c379
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwQuerySymbolicLinkObject
_strnicmp
ZwSetInformationThread
ExFreePoolWithTag
ZwFlushKey
ZwFlushVirtualMemory
RtlInitAnsiString
ZwMapViewOfSection
_alldiv
PsTerminateSystemThread
ExAllocatePoolWithTag
ZwFsControlFile
KeInitializeApc
RtlCreateAcl
ZwQueryDirectoryFile
IoGetStackLimits
ObReferenceObjectByHandle
KeSetImportanceDpc
KeReadStateEvent
ZwFreeVirtualMemory
ZwEnumerateKey
ZwWriteFile
IoAllocateMdl
ExGetPreviousMode
KeSetPriorityThread
_vsnprintf
ZwSetInformationFile
IoGetDriverObjectExtension
_aullshr
ZwOpenSymbolicLinkObject
KeSetTargetProcessorDpc
RtlUnicodeStringToInteger
RtlFreeUnicodeString
ZwQueryValueKey
MmUserProbeAddress
PsLookupProcessThreadByCid
RtlInitUnicodeString
ZwSetInformationProcess
IoGetCurrentProcess
KeInitializeMutex
strrchr
ObOpenObjectByName
towlower
MmMapLockedPagesSpecifyCache
KeQueryTimeIncrement
ZwClose
KeDelayExecutionThread
KeInsertQueueDpc
strncmp
PsThreadType
wcsrchr
ZwDeleteKey
ZwOpenKey
SeSetSecurityDescriptorInfo
RtlMultiByteToUnicodeN
RtlLengthRequiredSid
_snprintf
IoAllocateIrp
RtlUnicodeToMultiByteN
ZwCreateKey
MmIsAddressValid
KeServiceDescriptorTable
KeAddSystemServiceTable
_except_handler3
ExFreePool
KeTickCount
KeQuerySystemTime
ZwQueryInformationFile
ZwCreateFile
memcpy
_allmul
memset
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
MmUnmapLockedPages
RtlTimeToTimeFields
ExSystemTimeToLocalTime
mbstowcs
ExfInterlockedRemoveHeadList
KeWaitForMultipleObjects
PsCreateSystemThread
RtlCompareUnicodeString
ZwQuerySystemInformation
ObfDereferenceObject
KeUnstackDetachProcess
KeStackAttachProcess
IoDeleteDevice
IoDeleteSymbolicLink
ExDeleteNPagedLookasideList
KeWaitForSingleObject
KeReleaseSemaphore
ExfInterlockedInsertTailList
strncpy
IoFreeMdl
KeReadStateSemaphore
ExInitializeNPagedLookasideList
KeInitializeSpinLock
KeInitializeSemaphore
NtBuildNumber
IoCreateSymbolicLink
IoCreateDevice
InterlockedPushEntrySList
InterlockedPopEntrySList
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text Size: 14KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 803KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE