Static task
static1
General
-
Target
fe883e153e256b5b7dacf935e5510741_JaffaCakes118
-
Size
127KB
-
MD5
fe883e153e256b5b7dacf935e5510741
-
SHA1
b6ca6d1291ef30101297e64a8978d9b025b5e7cd
-
SHA256
43b5802003bbb94949f3adccca6e75aa1aecb9d9e9eae23024613c7b22ad613d
-
SHA512
b6ea080adc229dc153ebd1570a4d8ec644061f43c7c0db7b7f1dbaa6cafb8281ccb553adb111260237d08baf0b1e5ecf17124b0ad6174c9ae505cb670c6a80d3
-
SSDEEP
3072:wZrbqbLIppMGRAduzU1vBDVb3jh8uU5lWqmKWTqs+Cs1FHa:aPq/qSGCdxZDh3jhVU5lWrFVsrHa
Malware Config
Signatures
-
Unsigned PE 1 IoCs
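Flags a PE file that carries no Authenticode signature, so its publisher and integrity cannot be verified from a signature. On its own this is a weak indicator, because many legitimate binaries are also unsigned; weigh it together with the file type, imports and section layout listed below.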
resource fe883e153e256b5b7dacf935e5510741_JaffaCakes118
Files
-
fe883e153e256b5b7dacf935e5510741_JaffaCakes118.sys windows:5 windows x86 arch:x86
ee0e0ffa8a2947d0469134eec91ec479
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
IoDeleteDevice
KeSetEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
sprintf
IoCreateDevice
RtlFreeUnicodeString
PsCreateSystemThread
KeInitializeSpinLock
KeQuerySystemTime
strncpy
strncmp
MmIsAddressValid
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
IoAllocateMdl
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
KeInitializeEvent
KeDelayExecutionThread
ZwWriteFile
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwQuerySystemInformation
ZwClose
ExAllocatePool
ExFreePool
isupper
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
ZwOpenDirectoryObject
ZwQueryValueKey
isdigit
ZwQueryDirectoryObject
_wcsicmp
RtlCompareUnicodeString
MmMapLockedPages
ZwDeleteValueKey
ZwSetValueKey
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwLoadDriver
ZwEnumerateKey
ZwOpenKey
ZwCreateKey
strchr
RtlInitUnicodeString
RtlTimeToTimeFields
PsTerminateSystemThread
KeTickCount
ZwFlushKey
ZwDeleteKey
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
toupper
ExSystemTimeToLocalTime
isspace
RtlAnsiStringToUnicodeString
tolower
RtlImageDirectoryEntryToData
strstr
memcpy
memset
_except_handler3
_allmul
_alldiv
_allrem
hal
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
Sections
F8-v+4h0 Size: - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
"6!-d 2C Size: - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
\]R8Km76 Size: - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_iE4"/Kq Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
JsS)%-&a Size: - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
#m5k5qrw Size: - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE
tvDW5a*H Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
!6f%l] i Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ