Static task
static1
General
Target
fec1feac189750bdd78fb88276e3e0cd_JaffaCakes118
Size
69KB
MD5
fec1feac189750bdd78fb88276e3e0cd
SHA1
2766f9e8131ef9ffd69b80a6c07d9b2772a7bbd6
SHA256
95a0c7934eb39d1af99ee22a9705609c3ff539a5aa99bb79106cb518d35f2f86
SHA512
fb08c88be2d91bbfeeac99509023ae5292baf760855a5c5e8c1bdc3a2316fbcdc4ae91c27adc2fc0c48afd368cd859e5db0b260578b735862087231061ed36a0
SSDEEP
1536:wl1Gd73ivoYipK1OtmbOtWT7dqMgLeN8XyGKmAJXKXfHkD9:wlTvoHttO7XqbK2HkD9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fec1feac189750bdd78fb88276e3e0cd_JaffaCakes118
Files
fec1feac189750bdd78fb88276e3e0cd_JaffaCakes118.sys windows:5 windows x86 arch:x86
bf87836a1abc3e8f0f39681b6d01a44b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeClearEvent
IoDeleteDevice
IoDetachDevice
ObfDereferenceObject
IoGetAttachedDeviceReference
IoGetDeviceProperty
RtlFreeUnicodeString
IofCompleteRequest
ZwSetValueKey
ZwClose
IofCallDriver
ExAllocatePoolWithTag
IoOpenDeviceRegistryKey
IoFreeWorkItem
ExFreePoolWithTag
IoWMIRegistrationControl
RtlCopyUnicodeString
KeSetEvent
KeQuerySystemTime
PoRequestPowerIrp
KeWaitForSingleObject
RtlCompareUnicodeString
IoWMIWriteEvent
KeLeaveCriticalRegion
RtlCompareMemory
IoQueueWorkItem
KeEnterCriticalRegion
MmGetSystemRoutineAddress
KeInitializeEvent
ZwQueryValueKey
IoReleaseCancelSpinLock
PoCallDriver
IoCancelIrp
KeTickCount
IoBuildSynchronousFsdRequest
IoAllocateWorkItem
IoSetDeviceInterfaceState
PoSetPowerState
IoAttachDeviceToDeviceStack
IoRegisterDeviceInterface
IoInvalidateDeviceState
IoCreateDevice
PoStartNextPowerIrp
KeBugCheckEx
RtlInitUnicodeString
hal
KeGetCurrentIrql
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ