Static task
static1
General
-
Target
d62f62ea9dc15e5379c5ace387299945_JaffaCakes118
-
Size
40KB
-
MD5
d62f62ea9dc15e5379c5ace387299945
-
SHA1
0958e34afb637005d3b66b4eb355a96476eb392a
-
SHA256
b647d99fcad0c89e9e6e1a8c56c439e7d3ac72869955832f10f94cb60cd85ac3
-
SHA512
670e5126a2e0d9d09a5ed3fbd7afbd4b93236152d4a26bd9e1b39fb9d860df89ca75780eae8e565638cb1084dc79acbb4765b125e7fbd98b27893146b10d8b81
-
SSDEEP
768:Pera3FQZQNVxfyTYxfBSvnBvxyeclVhtQiEvSFONeG8zPGlLlaw:Pera1cGVVyTQfBy5x14HSixFeeG8jGll
Malware Config
Signatures
-
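Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. This signature only records that the file is unsigned; it is not a verdict by itself. The headers and imports below show a 32-bit kernel-mode driver (.sys, importing from ntoskrnl.exe), so the missing signature matters mainly on systems that enforce kernel-mode code signing.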
resource d62f62ea9dc15e5379c5ace387299945_JaffaCakes118
Files
-
d62f62ea9dc15e5379c5ace387299945_JaffaCakes118.sys windows:4 windows x86 arch:x86
df5818e2fd5e4e9764c37db9ffe44ebf
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
swprintf
KeQuerySystemTime
_snwprintf
ExAllocatePoolWithTag
RtlInitUnicodeString
strncmp
IoGetCurrentProcess
ZwClose
ZwOpenKey
ExFreePool
ObfDereferenceObject
ZwSetValueKey
ZwCreateKey
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
ZwQueryValueKey
_except_handler3
wcslen
_wcsnicmp
_wcsicmp
_stricmp
wcsstr
_wcslwr
_snprintf
KeDelayExecutionThread
strncpy
PsLookupProcessByProcessId
IofCompleteRequest
RtlCompareUnicodeString
ZwDeleteKey
ZwSetInformationFile
ZwCreateFile
wcscpy
PsSetCreateProcessNotifyRoutine
MmGetSystemRoutineAddress
wcscat
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
wcschr
PsGetVersion
PsCreateSystemThread
IoDeviceObjectType
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeQueryTimeIncrement
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 85B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 736B - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ