Static task
static1
General
-
Target
de77826a093f212feafb40932d8f2a15_JaffaCakes118
-
Size
48KB
-
MD5
de77826a093f212feafb40932d8f2a15
-
SHA1
2ece15f820c36ecb66647d443712bab4e787675f
-
SHA256
c4cf09d28a625db704655ce1b2569c3c40a0ffcf6108720fbc7d514759f6c956
-
SHA512
afab69154fff7dbc42951f054e571d687e6b7b8257aac1bfbf1a875f40b5576b19b8c3850089de9e41b10eaf864f02d3cccbd9c25ad099111095688fe3da54ae
-
SSDEEP
384:IScatnGMyPq9gD8PLvdBkF6jSxcZjBqs68Nd2d64FxdlaXSguV:IxknGBq9gD8xBaRxews60Q647
Malware Config
Signatures
-
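Unsigned PE (1 IoC)
Checks for a missing Authenticode signature: none was found in this file, so its publisher and integrity cannot be confirmed from the file alone. Many legitimate binaries are also unsigned, so treat this as a weak indicator and read it together with the other static findings.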
resource de77826a093f212feafb40932d8f2a15_JaffaCakes118
Files
-
de77826a093f212feafb40932d8f2a15_JaffaCakes118.sys windows:4 windows x86 arch:x86
ec6bcf2ed431437530ad5e69ceef8b46
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hal
HalAllProcessorsStarted
HalSetBusData
KeAcquireQueuedSpinLock
HalSetEnvironmentVariable
HalHandleNMI
KeTryToAcquireQueuedSpinLock
ExAcquireFastMutex
KfRaiseIrql
WRITE_PORT_ULONG
HalRequestIpi
HalRequestIpi
HalDisplayString
KeGetCurrentIrql
KeReleaseSpinLock
KeReleaseSpinLock
HalSetBusDataByOffset
ExAcquireFastMutex
WRITE_PORT_UCHAR
READ_PORT_BUFFER_ULONG
READ_PORT_BUFFER_ULONG
HalInitializeProcessor
IoReadPartitionTable
HalStartNextProcessor
READ_PORT_ULONG
IoFreeAdapterChannel
READ_PORT_ULONG
IoReadPartitionTable
IoMapTransfer
READ_PORT_UCHAR
HalAssignSlotResources
HalAllocateCrashDumpRegisters
HalHandleNMI
HalSetBusData
KfReleaseSpinLock
HalGetBusData
HalMakeBeep
WRITE_PORT_UCHAR
KeQueryPerformanceCounter
WRITE_PORT_ULONG
HalClearSoftwareInterrupt
HalSetProfileInterval
KfReleaseSpinLock
HalQueryRealTimeClock
HalEndSystemInterrupt
READ_PORT_BUFFER_ULONG
WRITE_PORT_UCHAR
HalClearSoftwareInterrupt
KeAcquireSpinLock
HalSetBusDataByOffset
KeAcquireQueuedSpinLockRaiseToSynch
HalAllocateCommonBuffer
HalStartProfileInterrupt
READ_PORT_USHORT
HalSetDisplayParameters
READ_PORT_USHORT
READ_PORT_BUFFER_UCHAR
HalSetBusDataByOffset
HalSetProfileInterval
IoSetPartitionInformation
READ_PORT_UCHAR
READ_PORT_BUFFER_ULONG
HalReportResourceUsage
HalReturnToFirmware
KeStallExecutionProcessor
KeReleaseSpinLock
KfRaiseIrql
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
HalAllProcessorsStarted
KfAcquireSpinLock
HalClearSoftwareInterrupt
ExAcquireFastMutex
HalSetBusDataByOffset
HalQueryDisplayParameters
HalGetInterruptVector
HalCalibratePerformanceCounter
HalFlushCommonBuffer
HalMakeBeep
KeReleaseQueuedSpinLock
KeLowerIrql
HalGetAdapter
HalProcessorIdle
KeTryToAcquireQueuedSpinLockRaiseToSynch
HalReadDmaCounter
KeAcquireSpinLockRaiseToSynch
ntoskrnl.exe
FsRtlUninitializeOplock
strncat
NtVdmControl
RtlLargeIntegerShiftLeft
FsRtlPrepareMdlWrite
KeInitializeMutex
CcGetFileObjectFromSectionPtrs
RtlCompareMemoryUlong
RtlNtStatusToDosErrorNoTeb
ExAcquireResourceExclusiveLite
FsRtlIsTotalDeviceFailure
mbtowc
MmMapUserAddressesToPage
IoFreeMdl
ExCreateCallback
ZwQueryDefaultLocale
RtlAnsiStringToUnicodeSize
FsRtlCurrentBatchOplock
IoFreeWorkItem
KeInitializeEvent
IoSynchronousPageWrite
PoCallDriver
IoQueryVolumeInformation
MmDisableModifiedWriteOfSection
RtlDestroyAtomTable
ExfInterlockedAddUlong
RtlDeleteAce
IoSetThreadHardErrorMode
CcUnpinData
InterlockedIncrement
PoSetHiberRange
_stricmp
RtlInitString
ExEventObjectType
ZwWaitForSingleObject
RtlUpcaseUnicodeStringToOemString
KeInsertQueueDpc
MmAdjustWorkingSetSize
Exi386InterlockedExchangeUlong
MmFreeContiguousMemorySpecifyCache
NlsMbCodePageTag
IoRequestDeviceEject
SeSystemDefaultDacl
KdEnableDebugger
RtlGetDaclSecurityDescriptor
ExCreateCallback
NtQueryEaFile
LsaCallAuthenticationPackage
MmCanFileBeTruncated
ZwEnumerateValueKey
RtlRemoveUnicodePrefix
SeAccessCheck
RtlIsGenericTableEmpty
KeRestoreFloatingPointState
SeCreateClientSecurity
FsRtlCopyRead
ZwResetEvent
wcsrchr
_strrev
WRITE_REGISTER_BUFFER_UCHAR
RtlUnicodeToMultiByteN
FsRtlGetNextMcbEntry
IofCallDriver
ExAcquireResourceSharedLite
SeSetAccessStateGenericMapping
RtlUlongByteSwap
RtlDeleteRegistryValue
wcscpy
MmIsAddressValid
ObReleaseObjectSecurity
FsRtlMdlReadDev
CcScheduleReadAhead
RtlAnsiStringToUnicodeString
FsRtlGetNextLargeMcbEntry
PsInitialSystemProcess
RtlFindLeastSignificantBit
ZwSetInformationThread
ExUuidCreate
IoReleaseRemoveLockAndWaitEx
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 128B - Virtual size: 128B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ