Static task
static1
General
-
Target
de51de3fb822288ac68696d7e5ad77a8_JaffaCakes118
-
Size
40KB
-
MD5
de51de3fb822288ac68696d7e5ad77a8
-
SHA1
a42fe15327b8d35dac1cae164fa5008d31bc60ae
-
SHA256
60dd2d7f190b945bb30ea51c0d8bc5703dadf1e81cf9eff1574e72cde0e197b6
-
SHA512
6965854321dc36c42db78029d12c2e3a98e41dbb6f563bcda5dccfc72e74a155863b1eba4c8626d1dde775b3e87a952b2eae51ba0082cfa1fd5216593956ec61
-
SSDEEP
768:nGRDziVHTpm6LLyek56WHAtwuujwneYLWHQRPWCFE2myzJ8jVSE6CUdxPl7sh:YfYpmSLyeO6WHWeYLWHCP/vmq8jd6CU4
Malware Config
Signatures
-
Unsigned PE — 1 IoC
The file carries no Authenticode signature. For a kernel-mode driver (this sample is a .sys that imports only from ntoskrnl.exe) this matters more than for a user-mode binary: 64-bit Windows Vista and later refuses to load unsigned drivers unless kernel-mode code signing enforcement is disabled or bypassed, whereas 32-bit Windows never enforced it, so an unsigned x86 driver like this one is loadable on 32-bit hosts without any bypass. The missing signature also means there is no publisher identity to pivot on — correlate on the file hashes and SSDEEP instead.
resource de51de3fb822288ac68696d7e5ad77a8_JaffaCakes118
Files
-
de51de3fb822288ac68696d7e5ad77a8_JaffaCakes118.sys windows:4 windows x86 arch:x86
d36ea5da9c3af7a547e4d2bd6f523f81 (reported next to the file entry without a field label; presumably the import hash — confirm the field before using it as a pivot key)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
Analyst note: every import resolves against ntoskrnl.exe, so this is a pure kernel-mode component with no HAL, NDIS or filter-manager dependency. An import table shows what is linked, not what is executed, but this set is consistent with: exposing a device and symbolic link as a user-mode control channel (IoCreateDevice / IoCreateSymbolicLink / IofCompleteRequest / IoDeleteDevice); registering a process-creation callback (PsSetCreateProcessNotifyRoutine) and resolving process objects by PID (PsLookupProcessByProcessId / IoGetCurrentProcess / ObReferenceObjectByHandle); running its own kernel thread with timed waits (PsCreateSystemThread / KeDelayExecutionThread) and a post-boot hook (IoRegisterDriverReinitialization); reading, creating, writing and deleting registry keys (ZwOpenKey / ZwQueryValueKey / ZwCreateKey / ZwSetValueKey / ZwDeleteKey); creating files and changing file attributes, names or disposition (ZwCreateFile / ZwSetInformationFile); and resolving further kernel routines at run time through MmGetSystemRoutineAddress — which means this list is a lower bound on the API surface, not the whole of it. The presence of _except_handler3 is consistent with an older MSVC/DDK toolchain; verify against the linker version in the PE header before relying on it as a fingerprint.
ntoskrnl.exe
ZwSetValueKey
ZwClose
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
wcsstr
_wcslwr
MmIsAddressValid
_snwprintf
wcsncpy
wcslen
wcschr
_stricmp
swprintf
_wcsnicmp
wcscat
wcscpy
_wcsicmp
strncmp
ZwCreateKey
wcsrchr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strncpy
IoGetCurrentProcess
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
KeTickCount
KeQueryTimeIncrement
PsGetVersion
KeQuerySystemTime
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
RtlCopyUnicodeString
ObReferenceObjectByHandle
IoRegisterDriverReinitialization
PsCreateSystemThread
RtlCompareUnicodeString
ZwDeleteKey
IofCompleteRequest
KeDelayExecutionThread
_snprintf
ZwCreateFile
PsSetCreateProcessNotifyRoutine
IoDeviceObjectType
PsLookupProcessByProcessId
ZwSetInformationFile
Sections
Analyst note: the only section flagged both writable and executable is INIT, which is normal for a DDK-built driver — INIT holds DriverEntry-time code and is marked discardable so the memory manager can release it after load. The run of near-empty PAGE* code sections below (PAGEWMI, PAGEDRV, PAGESYS, PAGEALL, PAGEDATA, PAGECODE, PAGERES, each 10 bytes or less of virtual size) is not what a stock DDK build usually emits; it may be a pragma/linker artifact or a build-tool fingerprint worth comparing across related samples, but treat that as a lead to confirm rather than a finding.
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 73B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ