Static task
static1

General
Target: 004e006b7eb429e1f9b13a45068e8d0e_JaffaCakes118
Size: 17KB
MD5: 004e006b7eb429e1f9b13a45068e8d0e
SHA1: 250dda687a1511407e0f975542d27ae38d245b29
SHA256: f6dccaa0ceae892bb7ae24cf7c9316ae6bbc4160603224da66090b949c582a8c
SHA512: d92e6c1c35a408abaafee8a2de8bc8b908fffe36bba112fb61647cce35c69efee505452cc3fd976d0dbbec76717c24f0b2c1bb4fed801182b0beda8da07ed3d2
SSDEEP: 384:WAKV1G+ricWRWViol9fFckVyckVYoJOIx:WDNiRW9vfE
Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 004e006b7eb429e1f9b13a45068e8d0e_JaffaCakes118
Files
004e006b7eb429e1f9b13a45068e8d0e_JaffaCakes118.sys windows:4 windows x86 arch:x86
379ab6aef73dd5df6c3f8ccee0bd70b6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
strlen
ZwClose
ExFreePool
ZwWriteFile
strcat
memset
ExAllocatePoolWithTag
ZwCreateFile
RtlInitUnicodeString
strncmp
IoGetCurrentProcess
_except_handler3
RtlFreeUnicodeString
ZwSetValueKey
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwOpenKey
_snwprintf
ZwEnumerateKey
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
_wcsnicmp
wcslen
memcpy
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
ExGetPreviousMode
KeServiceDescriptorTable
PsGetVersion
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 992B - Virtual size: 974B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ