Static task
static1
General
Target: 1579b7749a5f81ca2579dee16f050f0e_JaffaCakes118
Size: 735KB
MD5: 1579b7749a5f81ca2579dee16f050f0e
SHA1: a7c4705c2bcdb3372db1360627874694618e7050
SHA256: 6c26865a439e1cf99cc820118bdf67f8fdb15a7b8f46da4c69fd619e310c8bc4
SHA512: e0bdaf2c98ba2d154f0cd61b354efe10e3d7b798da30a99f5e16a45d643fbe23d421e993846cc57ce32de907fc959a196539770a882d0ad26f49ccf2fc3b4bb7
SSDEEP: 12288:wurU/hsZ25hER9fouLfgwdq5ywOQr0cq/FdZEatqkYwGxpqKKd9Q4peX8oY0/F:wurU/w2EMuLLd8GH4Twe49HpFk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1579b7749a5f81ca2579dee16f050f0e_JaffaCakes118
Files
1579b7749a5f81ca2579dee16f050f0e_JaffaCakes118.sys windows:4 windows x86 arch:x86
bbf87b10d74bdef5d957a1f6852734dc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeBugCheckEx
ExAllocatePoolWithTag
RtlInitUnicodeString
KeWaitForSingleObject
KeInitializeEvent
KeSetEvent
ZwClose
IofCompleteRequest
ExFreePoolWithTag
RtlCompareMemory
IoDeleteDevice
IoCreateDevice
ZwQueryValueKey
PoCallDriver
IoFreeIrp
ObfDereferenceObject
PoStartNextPowerIrp
IoAttachDeviceToDeviceStack
RtlFreeUnicodeString
IoAllocateIrp
MmMapLockedPagesSpecifyCache
KeInitializeDpc
ZwOpenKey
RtlQueryRegistryValues
RtlCopyUnicodeString
IoOpenDeviceRegistryKey
IoFreeMdl
ExFreePool
IoQueueWorkItem
IoAllocateMdl
KeInitializeTimer
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoFreeWorkItem
IoWMIRegistrationControl
KeDelayExecutionThread
KeClearEvent
ObReferenceObjectByHandle
KeSetTimer
IoSetDeviceInterfaceState
IoCancelIrp
PoSetPowerState
IoRegisterDeviceInterface
ZwSetValueKey
MmGetSystemRoutineAddress
KeReleaseSpinLockFromDpcLevel
PoRequestPowerIrp
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
MmBuildMdlForNonPagedPool
KeInsertQueueDpc
IoReleaseCancelSpinLock
RtlAnsiStringToUnicodeString
IoWMIWriteEvent
DbgPrint
RtlInitAnsiString
IoWriteErrorLogEntry
IoDeleteSymbolicLink
_vsnwprintf
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
RtlUnicodeStringToAnsiString
RtlAppendUnicodeToString
ObfReferenceObject
MmMapIoSpace
IoReleaseRemoveLockEx
KeQueryTimeIncrement
KeReleaseMutex
RtlAppendUnicodeStringToString
KeInitializeMutex
IoCreateSymbolicLink
IoReleaseRemoveLockAndWaitEx
_vsnprintf
RtlIntegerToUnicodeString
IoGetAttachedDeviceReference
KeSetTimerEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoAcquireCancelSpinLock
KeWaitForMultipleObjects
IoConnectInterrupt
ZwCreateFile
RtlWriteRegistryValue
ZwQuerySystemInformation
MmProbeAndLockPages
IoInvalidateDeviceRelations
IoGetDmaAdapter
MmUnlockPages
KeSetPriorityThread
KeRemoveQueueDpc
Sections
.text Size: 314KB - Virtual size: 313KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 364B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 401KB - Virtual size: 401KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ