Static task
static1
General
Target
eede2fc54d70a10f8b878a3e29240a3e_JaffaCakes118
Size
20KB
MD5
eede2fc54d70a10f8b878a3e29240a3e
SHA1
824fba73b0fed9a8da768bfc7de8eacf6cb6b99b
SHA256
07a67f3596e5da410e44a9b2448dbd96c61569040f9ca76bd5d216d6b87329f9
SHA512
da3f851d1a4c7b4322ef7a928ca65cfc0def2b72d25e42bef6546b37e21a5625b923eb815b31bb57c2cc6189c73a75ca7de38b53a3bcc1737afad3318b00a648
SSDEEP
384:ntBNDQjqNIwH0cLd0YnYFcm1Rx4h1tjf91kbeU8vK1x7RGnp:PNDUqNImHLd0YnYKmVIjV1oEA7Ap
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eede2fc54d70a10f8b878a3e29240a3e_JaffaCakes118
Files
eede2fc54d70a10f8b878a3e29240a3e_JaffaCakes118.sys windows:4 windows x86 arch:x86
5691ce50b6c0cdb8ccdb5c5d52652d26
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
RtlInitUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
atoi
isupper
atol
isprint
isxdigit
strrchr
srand
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
_except_handler3
IofCompleteRequest
toupper
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
tolower
isdigit
ZwCreateFile
IoRegisterDriverReinitialization
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
_strnicmp
strncmp
strncpy
wcsncmp
towlower
isspace
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
strchr
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 992B - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ