Static task
static1
General
-
Target
dc99598be6f533a4eed74e504acc8c8a_JaffaCakes118
-
Size
40KB
-
MD5
dc99598be6f533a4eed74e504acc8c8a
-
SHA1
b248214ba5d0366947b0773554023d26b32663a5
-
SHA256
509bb1d73e3dabb634c21ab649f686b0067e3f83490a676039b53f3736ff3179
-
SHA512
a993150401de761de4e6bce87fef485285046f069e586dc79fbf2358348e67b4dcac76a12d9dc6cc25d9208be26f9c6d15db81948e7d86a07f2d200c1ee8766d
-
SSDEEP
768:5+wBB3muCRD7JFtnIglYZ7mQN+L3G06U2VnY4IpLSArpmfYDlnKDdS6Ef4VGG0Q:IwBP61FprdQNaG0qVnY4ErGDUdJr
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource dc99598be6f533a4eed74e504acc8c8a_JaffaCakes118
Files
-
dc99598be6f533a4eed74e504acc8c8a_JaffaCakes118.sys windows:4 windows x86 arch:x86
57167cf01508f136b0d29d0257f17032
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
strncpy
PsLookupProcessByProcessId
_stricmp
ZwSetValueKey
ExFreePool
ExAllocatePoolWithTag
ZwClose
ObfDereferenceObject
_wcsicmp
wcsncpy
MmIsAddressValid
PsGetVersion
ZwQueryValueKey
RtlInitUnicodeString
_wcsnicmp
wcslen
PsCreateSystemThread
MmGetSystemRoutineAddress
_snprintf
_snwprintf
KeDelayExecutionThread
KeQuerySystemTime
IoDeviceObjectType
swprintf
wcsstr
_wcslwr
wcschr
RtlCompareUnicodeString
ZwDeleteKey
ZwOpenKey
KeTickCount
KeQueryTimeIncrement
RtlCopyUnicodeString
wcsrchr
ObReferenceObjectByHandle
_except_handler3
ZwSetInformationFile
ZwCreateFile
wcscpy
PsSetCreateProcessNotifyRoutine
wcscat
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IoRegisterDriverReinitialization
IofCompleteRequest
ZwCreateKey
RtlAnsiStringToUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 57B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ