Static task
static1
General
Target: f6fd6117a8684b8629fddbe7ee0ccf9c_JaffaCakes118
Size: 2KB
MD5: f6fd6117a8684b8629fddbe7ee0ccf9c
SHA1: bd873a269157225bd91fe3ac4efdad70b8ed43c1
SHA256: 1b4caf7d344d8c4b50aed629c102ddfe55d6828089f83ca6c9a3fe7110fccde9
SHA512: 1bd3ae45b75346adbb2471f0f62823d7541fc9305555c122be1b0a867df5d12e1223fe14fe8fd65c43169f936299cef10be3bb9a90f78e35aaae6cb14fb92fd6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f6fd6117a8684b8629fddbe7ee0ccf9c_JaffaCakes118
Files
f6fd6117a8684b8629fddbe7ee0ccf9c_JaffaCakes118.sys windows:5 windows x86 arch:x86
566d07c9fe8bdfd7d0a289421a003895
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
IoDeleteSymbolicLink
IoGetCurrentProcess
DbgPrint
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
_snprintf
PsGetCurrentProcessId
Sections
.text Size: 1024B - Virtual size: 1010B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 320B - Virtual size: 312B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 114B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ