Static task
static1
General
Target: d4eb78149f576e7c8f0ee088cb9fb123_JaffaCakes118
Size: 29KB
MD5: d4eb78149f576e7c8f0ee088cb9fb123
SHA1: 68fc8aced19bc3c69845d08b05a87ee1711dee7a
SHA256: 00512b12f66d7c9d74caf6aadb0855fd11c3a51a3fecdb3c55ec64b2e9e00e67
SHA512: 0cbcff49ca193936620c8cb084756961b94eb71e88a4dbb7768d468783c023ff71b7c33037a6dc9c51c44bb8ec3ab6f5e0061bf89e4e7f9c2920bec08a0a163d
SSDEEP: 768:CXoAnRftqvvE0Bs7cYhiFw8ih4jSFcVH7564/3T:CYAntt6Ecf2ph4jSSHl64/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d4eb78149f576e7c8f0ee088cb9fb123_JaffaCakes118
Files
d4eb78149f576e7c8f0ee088cb9fb123_JaffaCakes118.sys windows:5 windows x86 arch:x86
083b2fda79bfff27730cc9cc50f8ecd5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
NtTerminateProcess
NtRaiseHardError
NtTerminateThread
RtlUnwind
NtQueryVirtualMemory
RtlSetProcessIsCritical
NtSetInformationProcess
DbgBreakPoint
RtlAllocateHeap
RtlUnicodeStringToAnsiString
RtlNormalizeProcessParams
csrsrv
CsrServerInitialization
Sections
_kelly_ Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ