Static task
static1
General
Target: 128fcab28155e32c842c6e032506f4ba_JaffaCakes118
Size: 64KB
MD5: 128fcab28155e32c842c6e032506f4ba
SHA1: 3f9410b4e10bae12d31a2203aec9069139a0ae85
SHA256: 85f22352ba5587846e164e37be5bbda19a912a35f28bfbb267b6a2347884ee02
SHA512: 0eddb17d667881a534597a33ba66f27fe3fea3206a2eed5799a065bb7923596ddf07763e4977cbfc5e7d86f5c1de39683feba9dbba277272b9d8844acb5f8252
SSDEEP: 1536:wTuIdA8Uq+08e8tEpjV3oVEXqGxPJoI1/:wTTdrUq+04tejNoTGboI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 128fcab28155e32c842c6e032506f4ba_JaffaCakes118
Files
128fcab28155e32c842c6e032506f4ba_JaffaCakes118.sys windows:4 windows x86 arch:x86
dd188e98a2c0f761917db40c839f630f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hal
KeAcquireQueuedSpinLock
ntoskrnl.exe
RtlInitUnicodeString
ZwCreateKey
ZwQueryValueKey
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
ExInitializeZone
SeExports
ExInterlockedDecrementLong
ObReleaseObjectSecurity
SeSetSecurityDescriptorInfo
ExAllocatePoolWithTag
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ObGetObjectSecurity
IoDeleteDevice
ExDeleteNPagedLookasideList
IoQueueWorkItem
ZwNotifyChangeKey
MmPageEntireDriver
IoFreeWorkItem
ExInitializeNPagedLookasideList
IoAllocateWorkItem
IoCreateDevice
DbgBreakPoint
KeReadStateEvent
KePulseEvent
MmAdvanceMdl
KeBugCheckEx
ExInterlockedFlushSList
KeSetTimerEx
KeInitializeDpc
KeInitializeTimer
MmLockPagableDataSection
KeSetTimer
MmUnlockPagableImageSection
KeRemoveQueueDpc
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.INIT Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ