Static task
static1
General
-
Target
f5d1e08c332b1e7b4be75a41e8f5f68d_JaffaCakes118
-
Size
40KB
-
MD5
f5d1e08c332b1e7b4be75a41e8f5f68d
-
SHA1
a8f802ba141d272508113ad3885d30cf1c978733
-
SHA256
4896168b94c4d180d21b8f9cfb7d2d2ab2aec2080b5b9a01fe008d50a08e9ac4
-
SHA512
3099dadbb1055230de62a17b356eef46c3d5852a7625372d2771984fc90d0a532bc4c14e8ba8977e45507e02740cc0cf3c3b5df3a571475807a5e3bda9ba5efd
-
SSDEEP
768:ij8PYaG9xb6qXZlFIvZdbyTL4m/UfUUD88OL0kpMnK8FqU3hFcR96FBTvqIfDyjV:a8PYa6hvlCvDbyH/UfG8OLHQKGqgi9oT
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Detects a PE file that carries no Authenticode signature; the resource below is a kernel-mode driver (.sys) with no embedded code-signing certificate, so its publisher cannot be verified.
resource f5d1e08c332b1e7b4be75a41e8f5f68d_JaffaCakes118
Files
-
f5d1e08c332b1e7b4be75a41e8f5f68d_JaffaCakes118.sys windows:4 windows x86 arch:x86
35aa02fd34c4c696c830771aaef8b46d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strncmp
RtlCompareUnicodeString
RtlInitUnicodeString
ZwClose
ZwSetInformationFile
ZwCreateFile
wcslen
wcscpy
swprintf
PsCreateSystemThread
wcsstr
_wcslwr
strncpy
PsLookupProcessByProcessId
_stricmp
MmGetSystemRoutineAddress
ZwSetValueKey
wcscat
ZwQueryValueKey
ZwOpenKey
_except_handler3
_snwprintf
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwDeleteKey
IoGetCurrentProcess
ObfDereferenceObject
PsSetCreateProcessNotifyRoutine
wcsncpy
MmIsAddressValid
PsGetVersion
ZwCreateKey
_wcsicmp
wcsrchr
ExFreePool
_snprintf
RtlCopyUnicodeString
IoDeviceObjectType
KeTickCount
KeQueryTimeIncrement
IoRegisterDriverReinitialization
wcschr
KeDelayExecutionThread
KeQuerySystemTime
_wcsnicmp
ObReferenceObjectByHandle
IofCompleteRequest
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 96B - Virtual size: 89B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ