Static task
static1
General
Target: ef8002298426723f5a7689ac3c503824_JaffaCakes118
Size: 27KB
MD5: ef8002298426723f5a7689ac3c503824
SHA1: bd00a12aad2a8a8b30b4b61625e2762f4c8d3b19
SHA256: 11ec1a2b531cf54c3818b32ee0294d344dd4ca83918aa6b5fa2a2e9a7a7ffdb2
SHA512: 1d95f3587fc7347a83f78380452be6110d9f23c5781c62f9bffbc7862f66801d505779ec66de69144770bb599ffef7e4c8d75cf3e3d02a483b15d5b2ae78bb94
SSDEEP: 768:gfRfHOts5PwrbpXNIFo05ChiLmLcIUFEBTU:isaFoTQTyTU
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource ef8002298426723f5a7689ac3c503824_JaffaCakes118
Files
ef8002298426723f5a7689ac3c503824_JaffaCakes118.sys windows:5 windows x86 arch:x86
8a2581c4424c82196e66efeb11467661
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
wcsstr
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
_except_handler3
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ZwDeleteValueKey
KeDelayExecutionThread
PsCreateSystemThread
ExFreePool
wcscpy
ZwEnumerateKey
wcscat
ExAllocatePoolWithTag
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoRegisterDriverReinitialization
IofCompleteRequest
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
wcsncmp
towlower
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
_strnicmp
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 786B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ