Static task
static1
General
-
Target
ef0f741b00bfd3c7e3f261fd6889b952_JaffaCakes118
-
Size
40KB
-
MD5
ef0f741b00bfd3c7e3f261fd6889b952
-
SHA1
5a448b90b7404b3f3c1988bc43205c8a03ecb77b
-
SHA256
1d60a39c9391979e87365801d737398f4982f8aca0f819eb65206a35f17eb8de
-
SHA512
5aa4318e30fcd49143f8158d3e27d9808ea3ca26820952e3b8c2eaec3c549574261c5123ce23d7b5781081426c312cd140056fc3ad4f3d1fe8a21ae986766621
-
SSDEEP
768:on7BFZru65jn+j9S5FntbG86SFooMjniAKH9e4gkplw1axqgsGUJBZd2YP4uj+s:073k4n29SHndtms9e4Zld8gsGU1dttv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE carries no Authenticode signature; this sample is unsigned.
resource ef0f741b00bfd3c7e3f261fd6889b952_JaffaCakes118
Files
-
ef0f741b00bfd3c7e3f261fd6889b952_JaffaCakes118.sys windows:4 windows x86 arch:x86
270ba4a6225803ff64c8121648dcf7ce
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlCopyUnicodeString
wcslen
ZwCreateKey
RtlInitUnicodeString
swprintf
wcsncpy
wcsrchr
KeDelayExecutionThread
KeQuerySystemTime
ZwClose
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
ZwOpenKey
PsSetCreateProcessNotifyRoutine
_stricmp
wcsstr
_wcslwr
_wcsicmp
strncpy
IoGetCurrentProcess
_snwprintf
wcschr
KeTickCount
KeQueryTimeIncrement
ZwSetValueKey
_wcsnicmp
PsGetVersion
ExAllocatePoolWithTag
strncmp
ZwQueryValueKey
_except_handler3
RtlCompareUnicodeString
ZwCreateFile
PsLookupProcessByProcessId
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
IoDeviceObjectType
ExFreePool
IofCompleteRequest
ZwSetInformationFile
wcscpy
MmGetSystemRoutineAddress
PsCreateSystemThread
wcscat
_snprintf
IoRegisterDriverReinitialization
RtlAnsiStringToUnicodeString
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 64B - Virtual size: 63B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ