Static task
static1
General
-
Target
fd95cae6fa1e221944f164598277a0fb_JaffaCakes118
-
Size
29KB
-
MD5
fd95cae6fa1e221944f164598277a0fb
-
SHA1
20682eb7769486b3511b09a0349a9c2b0c0af6c4
-
SHA256
a7fa99a5cf18959678af93014c01ec691c7aab078826ac86e50877b681d2958f
-
SHA512
6b345d1b0e4089463011bef44f3b5201aeb27d6422679419f6d941496557c40e1270e7b59e8c5d1a4d0110047adcb1fbe6b71430f759cf7f93a882b06446e7c7
-
SSDEEP
768:ttlNsf8PzF1bCNNY3DbsJQk4iWb+TMwfzwa:t1sf8PzPbCN2T2RaSAwrwa
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself.
resource fd95cae6fa1e221944f164598277a0fb_JaffaCakes118
Files
-
fd95cae6fa1e221944f164598277a0fb_JaffaCakes118.sys windows:4 windows x86 arch:x86
caed740047327835987440169debea21
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetCurrentProcessId
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64B - Virtual size: 35B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 96B - Virtual size: 86B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 64B - Virtual size: 46B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ