Static task
static1
General
Target: 0637ac9971ffe639d9dccb9ae76a2eb9_JaffaCakes118
Size: 37KB
MD5: 0637ac9971ffe639d9dccb9ae76a2eb9
SHA1: 09517ac865fc8936817398c73351a00ff1865f39
SHA256: ac74b3fde16c562d7dfe7868b859c80c2e1c3360da4a337a5e9da7b2967c02fd
SHA512: 8fbfb45f945db93b9d341761d40dd3f21a73ba4d8b8c62cab4264f0e232843c7755ec93db1b394e474fc421f608fae943ad915d377449646081df6693c414f30
SSDEEP: 768:skiiggcSBsasUKaLzbR+9/98f8dSiQYVUYzJB8okfEBFtvCeA:ugcSBsr7aLvIlPdfVJzJenfYFt6n
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0637ac9971ffe639d9dccb9ae76a2eb9_JaffaCakes118
Files
0637ac9971ffe639d9dccb9ae76a2eb9_JaffaCakes118.sys windows:5 windows x86 arch:x86
96384b1def8983262e7df873de0bef63
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObReferenceObjectByHandle
ObfReferenceObject
IoCreateSymbolicLink
ExFreePoolWithTag
KeInitializeTimer
RtlAnsiStringToUnicodeString
ExFreePool
IoFreeIrp
RtlFreeUnicodeString
wcslen
KefAcquireSpinLockAtDpcLevel
ExAllocatePoolWithTag
NtQuerySystemInformation
PsCreateSystemThread
PoRequestPowerIrp
IoFreeMdl
MmProbeAndLockPages
ExInitializeNPagedLookasideList
KeInitializeDpc
RtlInitAnsiString
IofCompleteRequest
KeTickCount
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 128B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 640B - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 698B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 210B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ