Static task
static1
General
Target: 1741e8c06223d5bfd02254678e3f4c94_JaffaCakes118
Size: 63KB
MD5: 1741e8c06223d5bfd02254678e3f4c94
SHA1: 66a6b6690e335b532d9faa6f6a201ed1bb2f8c16
SHA256: dbf9b878a17992a1cc4f8d0ef83657e8852974ce7442ac9295c81339457749a9
SHA512: 0cf8866c12daf68dbaae442bef69d209e1ad99337b8826a158397deccf2562bda598e2914a92827114dee66b8236a35a90938188ff2e7dbb5f017494434b804b
SSDEEP: 1536:+trJp1balEM15lBANFB/jPYrpc1iM7ATB:srd+EM1PBAxj0cb7AB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1741e8c06223d5bfd02254678e3f4c94_JaffaCakes118
Files
1741e8c06223d5bfd02254678e3f4c94_JaffaCakes118.sys windows:5 windows x86 arch:x86
30c510a17303709b627987373eb583f4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlCompareUnicodeString
IoFreeWorkItem
IofCompleteRequest
IoAllocateWorkItem
IoInvalidateDeviceState
KeInitializeEvent
KeEnterCriticalRegion
IoReleaseCancelSpinLock
PoCallDriver
IoGetAttachedDeviceReference
ExFreePoolWithTag
RtlCompareMemory
IoCreateDevice
KeTickCount
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IoWMIWriteEvent
IoGetDeviceProperty
KeClearEvent
IoAttachDeviceToDeviceStack
IoSetDeviceInterfaceState
PoSetPowerState
RtlInitUnicodeString
KeLeaveCriticalRegion
KeSetEvent
IoDetachDevice
IoRegisterDeviceInterface
RtlFreeUnicodeString
IoQueueWorkItem
IoDeleteDevice
PoRequestPowerIrp
IoCancelIrp
ZwQueryValueKey
ZwSetValueKey
KeBugCheckEx
ZwClose
IoWMIRegistrationControl
KeQuerySystemTime
RtlCopyUnicodeString
KeWaitForSingleObject
IoBuildSynchronousFsdRequest
ObfDereferenceObject
IofCallDriver
PoStartNextPowerIrp
IoOpenDeviceRegistryKey
KeGetCurrentThread
hal
KeGetCurrentIrql
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ