Static task: static1

General
Target: da6917276c1356adaa2c6c3d9b688054_JaffaCakes118
Size: 824KB
MD5: da6917276c1356adaa2c6c3d9b688054
SHA1: 0f7f24eeb69a72a4e23581d766e95214161f3409
SHA256: 2c0d3341407716afd1e0c1be0b807959e9e96cb1f4ea87f772947ca5cf8471e8
SHA512: a6e00995b90847eb4b3c3cd1e8b1ff5e25bba9bab884f1c2ede520c2d641dabb7451f5337d5aa910738bc18889c2cf3660ed1fe3896b9ff46fbc747e81a361ec
SSDEEP: 24576:s04P0SLVus03xOZ1tvUq+xAxvDD7BiFp8nP07pC:sx0SLgO1vXhDD1iFpx8

Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: da6917276c1356adaa2c6c3d9b688054_JaffaCakes118

Files
da6917276c1356adaa2c6c3d9b688054_JaffaCakes118.sys  (windows:4, windows x86, arch:x86)
885593df62f173273edf7ca3e944c6a4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
sprintf
ZwQuerySystemInformation
ExFreePoolWithTag
IoIsOperationSynchronous
NtBuildNumber
IoGetStackLimits
KeInitializeQueue
Kei386EoiHelper
InbvAcquireDisplayOwnership
Ke386IoSetAccessProcess
CcPreparePinWrite
RtlUnicodeStringToAnsiSize
KeSetEventBoostPriority
WRITE_REGISTER_ULONG
RtlFindFirstRunClear
RtlCopyString
IoRemoveShareAccess
ZwOpenProcess
RtlCopySid
NtAllocateLocallyUniqueId
IoAllocateErrorLogEntry
RtlCompareMemoryUlong
NtNotifyChangeDirectoryFile
RtlFindSetBitsAndClear
ZwRequestWaitReplyPort
PoRequestPowerIrp
RtlReserveChunk
DbgPrompt
ZwSetDefaultLocale
MmDisableModifiedWriteOfSection
IoDeviceHandlerObjectType
InbvResetDisplay
ExAllocateFromPagedLookasideList
_wcsnset
PoCallDriver
KeI386Call16BitCStyleFunction
tolower
IoDeviceObjectType
RtlMapGenericMask
IoRaiseInformationalHardError
RtlxUnicodeStringToAnsiSize
IoCreateFile
Ke386CallBios
SeImpersonateClient
FsRtlFastCheckLockForRead
MmUnmapViewOfSection
IoFastQueryNetworkAttributes
ZwQueryDefaultLocale
IoInitializeRemoveLockEx
IoCreateSymbolicLink
FsRtlSplitLargeMcb
KeServiceDescriptorTable
ObReleaseObjectSecurity
KeDeregisterBugCheckCallback
KeAttachProcess
swprintf
towlower
KeFindConfigurationNextEntry
ZwSetVolumeInformationFile
ZwLoadKey
RtlGetFirstRange
SeReleaseSecurityDescriptor
MmUserProbeAddress
RtlPrefixString
strncmp
FsRtlAllocatePoolWithQuotaTag
RtlGetDefaultCodePage
RtlOemStringToCountedUnicodeString
IoDeleteDevice
KeWaitForMultipleObjects
FsRtlAreNamesEqual
ZwUnloadKey
IoSetThreadHardErrorMode
_local_unwind2
MmRemovePhysicalMemory
_wcslwr
FsRtlTruncateMcb
ZwWaitForSingleObject
NtAllocateVirtualMemory
KeFlushEntireTb
IoAssignResources
FsRtlIsNameInExpression
IoReuseIrp
KeI386SetGdtSelector
IoCreateDevice
CcGetFlushedValidData
MmUnmapIoSpace
RtlTimeToSecondsSince1970
IoWriteErrorLogEntry
FsRtlMdlWriteComplete
RtlQueryTimeZoneInformation
Sections
.text   Size: 385KB  Virtual size: 385KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 512B   Virtual size: 393B   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 15KB   Virtual size: 23KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
INIT    Size: 2KB    Virtual size: 2KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 419KB  Virtual size: 418KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ