Static task
static1
General
-
Target
d5e5f91cc2991495af96d5af05d81ecd_JaffaCakes118
-
Size
39KB
-
MD5
d5e5f91cc2991495af96d5af05d81ecd
-
SHA1
7dc55f53c3ee21d39c0ee296c98169e97bc76718
-
SHA256
bfcfada2d45e7886b7a5bccdbfcadeaa28e3a9a29bb001f547c07c45fb6ddde9
-
SHA512
fe0f16881df86fce80aa21d9ccac3258f346967bdee9f3aa5362c6a73bd2a2af3c4423ff80f0c914d913cabc8eff1f7996588c8e8a9781f608441e15815aa78a
-
SSDEEP
768:bVWbgLWnjsdF3UycOn/B10QdQlB+FSf+T1:bVWbaO03MKTue1T1
Malware Config
Signatures
-
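Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The file carries none; for a kernel-mode driver (.sys, importing from ntoskrnl.exe and hal) this is worth recording, but a missing signature alone does not establish malicious behaviour.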
resource d5e5f91cc2991495af96d5af05d81ecd_JaffaCakes118
Files
-
d5e5f91cc2991495af96d5af05d81ecd_JaffaCakes118.sys windows:4 windows x86 arch:x86
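a073c8500c6cd651b635d7cc03b76e79 (unlabelled on this page; it differs from the file MD5 listed under General and is presumably the import hash — confirm against the original report)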
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
ExFreePool
memset
ExAllocatePoolWithTag
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
DbgPrint
strcat
sprintf
KeLeaveCriticalRegion
KeEnterCriticalRegion
ObReferenceObjectByName
wcsncpy
IoGetCurrentProcess
PsGetCurrentProcessId
_stricmp
ZwQuerySystemInformation
_wcsicmp
wcsrchr
KeReleaseMutex
KeWaitForSingleObject
RtlCompareMemory
memmove
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
ZwDeviceIoControlFile
RtlWriteRegistryValue
wcscat
wcscpy
PsLookupProcessByProcessId
ZwOpenProcess
strlen
strcpy
ZwQueryDirectoryFile
_strnicmp
DbgBreakPoint
RtlFreeAnsiString
strncat
RtlUnicodeStringToAnsiString
_except_handler3
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ZwEnumerateValueKey
ZwEnumerateKey
ZwQueryKey
ZwClose
ZwCreateKey
ZwOpenKey
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
KeInitializeMutex
InterlockedExchange
KeServiceDescriptorTable
RtlQueryRegistryValues
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitAnsiString
RtlCopyUnicodeString
RtlEqualUnicodeString
RtlAppendUnicodeStringToString
RtlUnicodeStringToInteger
RtlIntegerToUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeInitializeSpinLock
PsGetVersion
wcslen
_wcsnicmp
ExGetPreviousMode
memcpy
hal
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ