Static task
static1
General
-
Target
e2800ca1a15beb8fa1ea8c40bcb85625_JaffaCakes118
-
Size
41KB
-
MD5
e2800ca1a15beb8fa1ea8c40bcb85625
-
SHA1
a095398fb5df560cd47923758fa9783f8be9afad
-
SHA256
5bda6a6175010422224868682409c3c229a407a3d2f1b249d4a1b6efc4c68c25
-
SHA512
ab6ed1b1ff8a7543af926e61b52642573fab2c81f84c0a71abf44b178c1b072aa76d84d0e36d8c1514eae437abbc1a2c66987db056dc624ccb3469c3ae41f592
-
SSDEEP
768:g7TDih1tCzBBHCVDYCP7o0as2aRfoPe+M4p8/V6zkaVR9pbY8J2pecA2cAt6oH6h:MTDiDgzfHCFYCSspQM4i/Vmf9SBQIUoa
Malware Config
Signatures
-
Unsigned PE 1 IoCs
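Static check: the PE file carries no Authenticode signature. This is the analyzer's finding about the file, not an action performed by the sample. The file is a .sys image importing from ntoskrnl.exe, so its publisher and integrity cannot be confirmed from a signature.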
resource e2800ca1a15beb8fa1ea8c40bcb85625_JaffaCakes118
Files
-
e2800ca1a15beb8fa1ea8c40bcb85625_JaffaCakes118.sys windows:4 windows x86 arch:x86
f380bc1e580bf1637e0fffb868c1398f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeDelayExecutionThread
KeQuerySystemTime
ObReferenceObjectByHandle
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwSetValueKey
_wcsnicmp
wcslen
ObfDereferenceObject
strncmp
_snwprintf
ZwClose
ZwQueryValueKey
ZwOpenKey
_except_handler3
PsGetVersion
MmIsAddressValid
wcsncpy
wcsrchr
wcscat
wcscpy
_wcsicmp
swprintf
IoRegisterDriverReinitialization
IoDeviceObjectType
ZwCreateKey
RtlCopyUnicodeString
RtlCompareUnicodeString
_stricmp
wcsstr
_wcslwr
PsCreateSystemThread
IoGetCurrentProcess
ZwDeleteKey
KeTickCount
KeQueryTimeIncrement
strncpy
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
IofCompleteRequest
MmGetSystemRoutineAddress
ZwCreateFile
ZwSetInformationFile
wcschr
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 64B - Virtual size: 64B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ