Static task
static1
General
-
Target
ffee0c9c23e5ec8f936f435221c2b4f1_JaffaCakes118
-
Size
125KB
-
MD5
ffee0c9c23e5ec8f936f435221c2b4f1
-
SHA1
06b45414bf62c5e541c6ecc2205e98cd606e632b
-
SHA256
ee6744cffd37c5f4d34d0f1e8907825379da9ec124d0fa982daf6b2f5d4606d4
-
SHA512
1d886661bd7e01e1615eea8b797859bbf3218d40063ce9c88550592e6452c9e422c8dccbd1d294e5035db8c6b40c7f81a155c1bde25d8b4924a371084bdceae7
-
SSDEEP
1536:IDl9wVdiGrUpsBZKOPKR0wdbpxdXrwiNiMW6VlxeazwAGtqjYeeQohSK0KQsPHMv:IDl90p9nRC6iNJW6VbeazpGUArmxsn2
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the file listed below has none.
resource ffee0c9c23e5ec8f936f435221c2b4f1_JaffaCakes118
Files
-
ffee0c9c23e5ec8f936f435221c2b4f1_JaffaCakes118.sys windows:5 windows x86 arch:x86
78d1c146fcb33f0b02c4c6a578f70636
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeInitializeSpinLock
RtlFreeAnsiString
RtlFreeUnicodeString
IoDeleteDevice
sprintf
KeSetEvent
PsCreateSystemThread
RtlUnicodeStringToAnsiString
ZwClose
IoCreateDevice
KeQuerySystemTime
strncpy
strncmp
strstr
MmIsAddressValid
IoUnregisterFsRegistrationChange
IoRegisterFsRegistrationChange
IoAllocateMdl
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
KeDelayExecutionThread
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwWriteFile
ExAllocatePool
ExFreePool
isupper
ZwQuerySystemInformation
KeWaitForSingleObject
tolower
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
isdigit
ZwQueryDirectoryObject
_wcsicmp
RtlCompareUnicodeString
MmMapLockedPages
ZwOpenDirectoryObject
ZwQueryValueKey
KeServiceDescriptorTable
ZwLoadDriver
ZwEnumerateKey
ZwOpenKey
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
ZwEnumerateValueKey
strchr
RtlInitUnicodeString
RtlTimeToTimeFields
KeInitializeEvent
PsTerminateSystemThread
KeTickCount
ZwFlushKey
ZwDeleteKey
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
toupper
isspace
ObReferenceObjectByHandle
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
IofCompleteRequest
memcpy
memset
_except_handler3
_allrem
hal
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
Sections
t9hgN_DN Size: - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
j`wI#Ois Size: - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kJ';&7<9 Size: - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
*b0)x:$Y Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
>r/svNZF Size: - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CvQq^pa( Size: - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UO44T_I) Size: 123KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
K AP\d;+ Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ