Static task
static1
General
Target
f6bde5351686aca098c0ce91c3ac4c9f_JaffaCakes118
Size
29KB
MD5
f6bde5351686aca098c0ce91c3ac4c9f
SHA1
40fa8c2f1a2a7cc8c5820b909148cb06309ea2f6
SHA256
ecd08f058a940698fa7386ddb43c658c1aec137216bda5e032ab14064c2a6264
SHA512
98158c94f5769f214787b81ce123718bf3b8127f4c4db69da8f5bac5b8dce157d63c01f582b52d1547da20d6acfc743ff3ca9de429f304bb1df7b8c4d4853f06
SSDEEP
768:jZOCPEci57foZLMTGor2iUi0ZOsoLzRL5K4vGYdJf:lxPEci1foZLuGor2irjNRL5K4vGuf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f6bde5351686aca098c0ce91c3ac4c9f_JaffaCakes118
Files
f6bde5351686aca098c0ce91c3ac4c9f_JaffaCakes118.sys windows:5 windows x86 arch:x86
46615877702bc8e314f51f58418af717
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateTimer
RtlAnsiCharToUnicodeChar
RtlImageNtHeader
NtAddAtom
KeInitializeSpinLock
IoQueryDeviceDescription
LpcRequestWaitReplyPort
ExFreePool
ExAllocatePool
RtlAddRange
PsReturnPoolQuota
CcMdlRead
wctomb
ZwSetSecurityObject
ExInterlockedRemoveHeadList
ZwDeleteFile
PsDisableImpersonation
memcpy
ZwDeleteKey
CcMapData
FsRtlNotifyVolumeEvent
hal
IoFreeAdapterChannel
HalAssignSlotResources
HalDisplayString
HalRequestIpi
KeFlushWriteBuffer
HalSystemVectorDispatchEntry
WRITE_PORT_BUFFER_UCHAR
KfLowerIrql
KeGetCurrentIrql
KeQueryPerformanceCounter
KeReleaseQueuedSpinLock
READ_PORT_BUFFER_ULONG
ExAcquireFastMutex
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ