Static task
static1
General
-
Target
17001979bd2eb0d82b2a211afd8491ec_JaffaCakes118
-
Size
40KB
-
MD5
17001979bd2eb0d82b2a211afd8491ec
-
SHA1
a816c9725ab1e06f75a09a4a9ed708a59cc74821
-
SHA256
618519d25b2212f8f26784a79d6f1333bf4857c0feda49374969b8b4860ad315
-
SHA512
a1f954b2cd2fc1c1c5af25a3b5d212ed0dd5f40174fbbc437a005d7a79984f7798ea02325f761eb65c77a635f6799327708cd8d5a65a93da255dbcdb1ed2e021
-
SSDEEP
768:z0PjK3yiJvcFBjQslici3+MH3u7tteB1LCCawa0mpXiy0T6gHP/3ajQ2GA:obsrvcFRBi3+M2ttSFwwTxy0vKsK
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource 17001979bd2eb0d82b2a211afd8491ec_JaffaCakes118
Files
-
17001979bd2eb0d82b2a211afd8491ec_JaffaCakes118.sys windows:4 windows x86 arch:x86
c4a80aaa9e5a4db074fb5c16982735c4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ObfDereferenceObject
KeQuerySystemTime
_stricmp
swprintf
wcsstr
_wcslwr
ObReferenceObjectByHandle
ZwClose
ZwOpenKey
RtlInitUnicodeString
ZwCreateFile
ZwDeleteKey
wcsncpy
MmIsAddressValid
IoGetCurrentProcess
PsGetVersion
ZwQueryValueKey
ZwSetValueKey
wcslen
ZwCreateKey
strncpy
_snwprintf
ExAllocatePoolWithTag
_wcsicmp
wcsrchr
KeDelayExecutionThread
IoDeviceObjectType
ZwSetInformationFile
wcscpy
PsCreateSystemThread
RtlAnsiStringToUnicodeString
strncmp
RtlCopyUnicodeString
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
ExFreePool
_snprintf
_except_handler3
wcschr
wcscat
_wcsnicmp
PsLookupProcessByProcessId
IoRegisterDriverReinitialization
MmGetSystemRoutineAddress
KeTickCount
KeQueryTimeIncrement
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 60B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ