Static task
static1
General
Target
0f886affa68030973463276eb4eec6cc_JaffaCakes118
Size
40KB
MD5
0f886affa68030973463276eb4eec6cc
SHA1
1380b1c317231b651d734d8944cba0bb1898d80e
SHA256
a81b5061964e604c987c21295fd2625526106770178ed21727e4eef01433777c
SHA512
59eaa0534f21f3407899cfdf2104f3acbfbe4a1afae0c2ab365039e64551eae09c359f5172136049dfb81cde48814a4245069a54a4f6d22174c7c5929ab32116
SSDEEP
768:sZQwLCqPtEDRYUPl22TtAzRKTWwhw6Pi6Z0qLXpfsOyYLNDV9brMabrTfFfjv6Ah:sZxLCqaVvlOFKsf6BXpfs4xh9PlHtHyi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0f886affa68030973463276eb4eec6cc_JaffaCakes118
Files
0f886affa68030973463276eb4eec6cc_JaffaCakes118.sys windows:4 windows x86 arch:x86
a7d5c7f33f4d0a85588bd23746b87219
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwSetValueKey
wcslen
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
_except_handler3
PsGetVersion
IofCompleteRequest
ExFreePool
ExAllocatePoolWithTag
ObfDereferenceObject
KeQuerySystemTime
swprintf
ZwSetInformationFile
ZwCreateFile
wcscpy
wcsstr
_wcslwr
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
_wcsnicmp
strncpy
IoGetCurrentProcess
PsCreateSystemThread
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
strncmp
MmGetSystemRoutineAddress
_snprintf
_wcsicmp
IoDeviceObjectType
ZwCreateKey
RtlCopyUnicodeString
KeTickCount
KeQueryTimeIncrement
_stricmp
wcscat
ZwDeleteKey
RtlAnsiStringToUnicodeString
_snwprintf
wcschr
PsLookupProcessByProcessId
KeDelayExecutionThread
IoRegisterDriverReinitialization
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 57B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 736B - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ