Static task
static1
General
Target: 182cd4fa74d5328187263dbda3d158d0_JaffaCakes118
Size: 26KB
MD5: 182cd4fa74d5328187263dbda3d158d0
SHA1: 679ad1e833acce83daecd7f7dca61f367fb7832f
SHA256: 8c307134e05ce61da7324a54b7190a552e8cd6fad61a59b061f19e0227785da9
SHA512: 52a5a7c48c42de386252e21f87ca64b102f14743bfd2df5e5e362d12a78b7632954fa0cef066519da59bf13a04bfe1d1c55a138088eff38339c1ac94e3fe9f22
SSDEEP: 384:Z0EI2YqLfuRDmsiwS/oP+FBlDo+5aja/D2xds31v/3U9rtMB5:Z0CY3SF99D2x+31v/UZtMB5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 182cd4fa74d5328187263dbda3d158d0_JaffaCakes118
Files
182cd4fa74d5328187263dbda3d158d0_JaffaCakes118.sys windows:4 windows x86 arch:x86
2fc8bd0098d5eef6181f5b66dd6b4fbe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
_except_handler3
ObfDereferenceObject
KeWaitForSingleObject
PsTerminateSystemThread
KeDelayExecutionThread
strcmp
IoGetCurrentProcess
ExFreePoolWithTag
KeInsertQueueApc
KeInitializeApc
ExAllocatePoolWithTag
ZwFreeVirtualMemory
ZwOpenProcess
PsGetProcessId
memcpy
KeUnstackDetachProcess
KeStackAttachProcess
ZwAllocateVirtualMemory
NtBuildNumber
ObReferenceObjectByPointer
PsProcessType
KeServiceDescriptorTable
PsGetCurrentProcessId
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 714B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 394B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ