Static task
static1
General
-
Target
ee859403055f74f0c8a7a013badf8fda_JaffaCakes118
-
Size
41KB
-
MD5
ee859403055f74f0c8a7a013badf8fda
-
SHA1
2241f04ae60914dca75f4feaad9fcc11ac8485b0
-
SHA256
3089409641bbbf0b62dd169c5a43744854ef650d3e580cad6250adda23a4981a
-
SHA512
01907a3a1240bfe0b5adfd66ba3a86ec71b8c63d51f8764618653c2eef0f461cc679ccd54db2c80a1f41514f59ecb2e0dc6f1e89227969c38a113894f0382738
-
SSDEEP
768:8Q5iGSw0jlcVdmKDZnGokEdAsEQYktYgHhMHVeHj06Kf+S8MoDOYW8kdqZfjuxb6:7PD0Ghn59AsFtnBD06q+S8MoDM88qA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the signature matched on the resource listed below, so this PE is unsigned.
resource ee859403055f74f0c8a7a013badf8fda_JaffaCakes118
Files
-
ee859403055f74f0c8a7a013badf8fda_JaffaCakes118.sys windows:4 windows x86 arch:x86
d22c3cfd647eaeb77487c9a5ea0ae3d8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwOpenKey
RtlInitUnicodeString
MmIsAddressValid
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
ZwSetValueKey
wcslen
ZwQueryValueKey
_except_handler3
wcsncpy
IoGetCurrentProcess
PsGetVersion
ZwCreateFile
swprintf
_wcsicmp
wcsrchr
RtlCompareUnicodeString
_wcsnicmp
ZwDeleteKey
KeQuerySystemTime
KeDelayExecutionThread
_stricmp
wcsstr
_wcslwr
RtlAnsiStringToUnicodeString
strncpy
PsLookupProcessByProcessId
IofCompleteRequest
strncmp
_snprintf
ObReferenceObjectByHandle
PsCreateSystemThread
ZwCreateKey
wcscat
wcscpy
RtlCopyUnicodeString
IoDeviceObjectType
ZwSetInformationFile
PsSetCreateProcessNotifyRoutine
KeTickCount
KeQueryTimeIncrement
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
_snwprintf
wcschr
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 75B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ