Static task
static1
General
-
Target
db0d62b069c207765332c8bde0712f0d_JaffaCakes118
-
Size
40KB
-
MD5
db0d62b069c207765332c8bde0712f0d
-
SHA1
dc8224aac2b97a298e96cc3e7cf2545c4c17771c
-
SHA256
2845d9340a52bc4de4f7c59f918543160698930e9e950cc6d42ef72bb4ed6446
-
SHA512
bd7337953796faf6be4076742baa49db69a68f96aceb7473d4bb82e4537dbf93ab66014db4a36f4250f85d9bcd9efcb10d2ce5a0efa71f070d75399264977e42
-
SSDEEP
768:IJK0RUBof7iERVrp4xdaSQyM8hDBH1RNqRrooadb0yZxjE1qIEX42nH:gaWiGrWHaSQg3Nh3K8FI
Malware Config (no configuration appears to have been extracted for this sample — the section is empty)
Signatures
-
Unsigned PE (1 IoC)
Signature rule: the file carries no Authenticode signature. Note this is a kernel-mode driver (.sys, x86); 64-bit Windows refuses to load unsigned drivers under Driver Signature Enforcement, so absence of a signature is worth weighing alongside the 32-bit build when judging where it could actually load.
resource db0d62b069c207765332c8bde0712f0d_JaffaCakes118
Files
-
db0d62b069c207765332c8bde0712f0d_JaffaCakes118.sys windows:4 windows x86 arch:x86
3eb90cd9d37ed72ae5b52ee0b52c6259 (unlabelled 32-hex digest; it differs from the file MD5 above, and in this report layout it is most likely the import hash (imphash) — verify before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (all from ntoskrnl.exe — a pure kernel-mode import table; notable entries below include PsSetCreateProcessNotifyRoutine (process-creation callback registration), PsLookupProcessByProcessId, PsCreateSystemThread, MmGetSystemRoutineAddress (runtime resolution of routines not in the import table) and the ZwCreateKey/ZwSetValueKey/ZwDeleteKey registry family; static imports indicate capability the driver links against, not confirmed runtime behaviour)
ntoskrnl.exe
RtlInitUnicodeString
ZwClose
ZwSetValueKey
wcslen
swprintf
ZwOpenKey
ZwCreateKey
IofCompleteRequest
_wcsicmp
wcsncpy
wcsrchr
wcscat
wcscpy
ZwQueryValueKey
_except_handler3
_snwprintf
ExAllocatePoolWithTag
ZwDeleteKey
wcsstr
_wcslwr
RtlCopyUnicodeString
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
PsCreateSystemThread
wcschr
_wcsnicmp
ZwSetInformationFile
ZwCreateFile
PsGetVersion
IoGetCurrentProcess
KeQuerySystemTime
KeDelayExecutionThread
RtlCompareUnicodeString
IoDeviceObjectType
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
KeTickCount
KeQueryTimeIncrement
_stricmp
ExFreePool
strncpy
PsLookupProcessByProcessId
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsSetCreateProcessNotifyRoutine
strncmp
RtlAnsiStringToUnicodeString
_snprintf
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 66B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB (a discardable, writable and executable INIT section is the usual layout for a WDK-built driver and is not by itself an anomaly)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ