Static task
static1
General
Target: f57eed5bc61cd8d359d152849dc57386_JaffaCakes118
Size: 766KB
MD5: f57eed5bc61cd8d359d152849dc57386
SHA1: 7ee42421cf155f9c448854129fdfeea583552067
SHA256: 869542c0d44ec0b646164a9a7389c3a2f7e05943dc04a43683421c8c7acc8e47
SHA512: bda180c6e57bf8f33f75be74d7220f13e3433e63132b41234764364d708e135aff4a2f90d53444d21271446208f43e140c0adc444a4c75063970d0cafa7a4545
SSDEEP: 12288:g7UPRCgnpEB+yCnPF9cnQMMhl2ztug3cDAYQXTMuqFPM09/w+G:dPwss+fPF9u5CoQV8YQXIDFPj
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource f57eed5bc61cd8d359d152849dc57386_JaffaCakes118
Files
f57eed5bc61cd8d359d152849dc57386_JaffaCakes118.sys windows:4 windows x86 arch:x86
1317d82e864ccf6ef6b21d779d94ea89
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
sprintf
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
KeInitializeEvent
FsRtlUninitializeLargeMcb
IoIsFileOriginRemote
RtlEqualUnicodeString
NlsOemLeadByteInfo
IoSetDeviceInterfaceState
RtlSplay
RtlEnumerateGenericTable
RtlSetTimeZoneInformation
NlsAnsiCodePage
KeSetProfileIrql
ZwYieldExecution
IoGetDeviceInterfaceAlias
SeCreateClientSecurity
ExInterlockedExtendZone
MmAllocateContiguousMemory
IoGetTopLevelIrp
IoAttachDeviceByPointer
IoFreeWorkItem
_except_handler3
FsRtlPostPagingFileStackOverflow
KeUpdateRunTime
KeQueryInterruptTime
qsort
FsRtlSplitLargeMcb
KeInitializeTimer
PsGetCurrentThreadId
ObReleaseObjectSecurity
RtlRealSuccessor
RtlTraceDatabaseUnlock
PsSetProcessPriorityByClass
KeNumberProcessors
FsRtlCheckLockForReadAccess
ZwDeleteFile
RtlConvertUlongToLargeInteger
MmUserProbeAddress
IoDeviceHandlerObjectSize
KiReleaseSpinLock
KeRemoveByKeyDeviceQueue
IoDeleteDevice
IoCreateFile
NlsMbCodePageTag
KeI386MachineType
ZwSetSystemTime
RtlRandom
IoRegisterDriverReinitialization
FsRtlLookupLargeMcbEntry
IoWriteOperationCount
ExInterlockedPopEntryList
RtlMoveMemory
CcFastCopyRead
FsRtlGetNextLargeMcbEntry
ZwRestoreKey
SeDeassignSecurity
IoCheckQuerySetFileInformation
KeSetTargetProcessorDpc
SeCreateAccessState
IoCreateSymbolicLink
RtlInsertUnicodePrefix
IoCheckShareAccess
ZwOpenDirectoryObject
IoAllocateIrp
IoCreateDevice
RtlTraceDatabaseFind
RtlTraceDatabaseCreate
PsAssignImpersonationToken
CcCanIWrite
IoRemoveShareAccess
IoReportTargetDeviceChange
SeReleaseSubjectContext
wcsncat
ZwDeviceIoControlFile
MmSystemRangeStart
RtlAssert
NtBuildNumber
IoReadTransferCount
Exi386InterlockedDecrementLong
PsReturnPoolQuota
ZwCreateEvent
RtlEqualString
ExEnumHandleTable
MmTrimAllSystemPagableMemory
Sections
.text Size: 349KB - Virtual size: 349KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 371B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 402KB - Virtual size: 401KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ