Static task
static1
General
Target
d98f88a8b349f70e5c7244a0efa907eb_JaffaCakes118
Size
743KB
MD5
d98f88a8b349f70e5c7244a0efa907eb
SHA1
c99794f678ec5d05aaa3220797d8b89d95415d61
SHA256
316b1d425b4c16cf0ee3fe8260d46264d37050c774bf6570af0263d0bd373360
SHA512
a7a610e1c1af1a263c602cae198ce0e9bd8967261abd30d676709bf3c34287f6ba31616793a244d784e0eb3b08c7fbc002142cdf4bf2a0a49446efb5a1ee06cb
SSDEEP
12288:YIFyH0kZ4CxlarSUwxkAZ2vSmVgqavdao/Pg1FNH68af5l+xIjL5FBri0ZwIw3Gu:YIFjkaCxvzZCS5JdxVhl+G5F9tZwv3G
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. Matched resource: d98f88a8b349f70e5c7244a0efa907eb_JaffaCakes118
Note that this is a 32-bit kernel driver (.sys, x86): the missing signature does not stop it loading on x86 Windows, which does not enforce kernel-mode code signing; on x64 it would only load with test signing enabled or Driver Signature Enforcement disabled.
Files
d98f88a8b349f70e5c7244a0efa907eb_JaffaCakes118.sys windows:4 windows x86 arch:x86
2cf3f4dcd57cca590bfcdcd02fc2f622
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeBugCheckEx
IofCallDriver
RtlCompareMemory
PoCallDriver
IoFreeIrp
IoAttachDeviceToDeviceStack
MmMapLockedPagesSpecifyCache
KeInitializeTimer
KeDelayExecutionThread
KeClearEvent
ObReferenceObjectByHandle
IoRegisterDeviceInterface
MmGetSystemRoutineAddress
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
MmMapIoSpace
RtlAppendUnicodeStringToString
KeInitializeMutex
IoAcquireCancelSpinLock
KeRemoveQueueDpc
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
Sections
.text Size: 315KB - Virtual size: 314KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 686B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 411KB - Virtual size: 411KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
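The "Unsigned PE" rule above and the section flag listing can both be reproduced from the PE headers alone. The following is an added example (not the sandbox's rule, and not code from the sample): it parses a PE image with struct only, reports whether the Security data directory (index 4, whose entry is a file offset rather than an RVA) points at a WIN_CERTIFICATE of type PKCS_SIGNED_DATA, and decodes the section characteristics the report lists. The input is a constructed 32-bit native-subsystem image that mimics the .text and INIT layout of the driver; the certificate blob is a constructed placeholder, not a real PKCS#7 SignedData. Presence of a certificate table is all this checks; it is not validity, which needs the image hash verified against the signature and a trust chain (for example signtool verify /v /kp on Windows). A writable, executable, discardable INIT section is the normal layout for a driver's DriverEntry code and is not by itself a finding.

```python
"""Authenticode-presence and section-flag check for PE files, using struct only."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def parse_pe(data):
    """Return machine, file characteristics, data directories and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: directory table at +96
        dd_off = opt + 96
    elif magic == 0x20B:      # PE32+: directory table at +112
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]   # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", data, dd_off + 8 * i) for i in range(n_dirs)]
    sections = []
    base = opt + opt_size
    for i in range(nsect):
        name, vsize, _va, rawsize, _rawptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, base + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "flags": [n for bit, n in sorted(SECTION_FLAGS.items()) if sc & bit],
        })
    return {"machine": machine, "characteristics": chars,
            "directories": dirs, "sections": sections}


def authenticode_status(data):
    """'unsigned' if there is no certificate table, 'present' if a PKCS#7
    WIN_CERTIFICATE sits inside the file, 'malformed' otherwise.
    Presence is not validity: the signature itself is not verified here."""
    dirs = parse_pe(data)["directories"]
    if len(dirs) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return "unsigned"
    off, size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY]   # file offset, not an RVA
    if off == 0 or size == 0:
        return "unsigned"
    if size < 8 or off + size > len(data):
        return "malformed"
    length, _revision, cert_type = struct.unpack_from("<IHH", data, off)
    if cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA or length > size:
        return "malformed"
    return "present"


def fake_win_certificate(body=b"constructed placeholder, not real PKCS#7 SignedData"):
    """Constructed WIN_CERTIFICATE header (dwLength, wRevision, wCertificateType)."""
    return struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body


def build_sample_pe(cert_blob=None):
    """Constructed PE32 image: EXECUTABLE_IMAGE|32BIT_MACHINE, native subsystem,
    an RX .text and an RWX discardable INIT section, sized like the report above."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<H", opt, 68, 1)                            # IMAGE_SUBSYSTEM_NATIVE
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    cert_off = 64 + 4 + 20 + 224 + 2 * 40                          # right after section headers
    if cert_blob is not None:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         cert_off, len(cert_blob))
    sects = struct.pack("<8sIIIIIIHHI", b".text", 0x4E000, 0x1000, 0x4EC00, 0x400,
                        0, 0, 0, 0, 0x60000020)
    sects += struct.pack("<8sIIIIIIHHI", b"INIT", 686, 0x50000, 1024, 0x4F000,
                         0, 0, 0, 0, 0xE2000020)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sects
    return image + (cert_blob if cert_blob is not None else b"")


if __name__ == "__main__":
    for label, blob in (("no certificate table", None), ("certificate table", fake_win_certificate())):
        image = build_sample_pe(blob)
        pe = parse_pe(image)
        print(label, "->", authenticode_status(image))
        for s in pe["sections"]:
            print("  %-6s vsize=%-7d raw=%-7d %s" % (s["name"], s["virtual_size"], s["raw_size"], " ".join(s["flags"])))
```

To run this against a real sample, pass `open(path, "rb").read()` to `authenticode_status` and `parse_pe` instead of the constructed image; a "present" result should then be followed by a proper signature verification, since a detached or tampered certificate table parses just as well as a valid one.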