Static task
static1
General
Target
26c9f702b31b5d3813b8b1d00cda083f_JaffaCakes118
Size
3KB
MD5
26c9f702b31b5d3813b8b1d00cda083f
SHA1
b1eb7efcf04b748cd710b55624720f1d0529d76f
SHA256
89672a0ac5a8f8da57697d69478e42c15b2a190c838f3e1b6713faf8fa2664cc
SHA512
83bca2015772ac59016af3358b28d70626b8cea92bb300c7f21c1512184f6e5c36776153ec4f008328adb88d5c07639ee67229d4da32c48d935a2447a0a55aa8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 26c9f702b31b5d3813b8b1d00cda083f_JaffaCakes118
Files
26c9f702b31b5d3813b8b1d00cda083f_JaffaCakes118.sys windows:5 windows x86 arch:x86
85917607166cfe282aba9ee9b399dd93
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
RtlAssert
KeGetCurrentThread
KeInitializeEvent
ObfDereferenceObject
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
RtlInitUnicodeString
ZwSetValueKey
wcslen
ZwOpenKey
IoCreateSymbolicLink
DbgPrint
IoCreateDevice
IofCompleteRequest
MmUnmapViewOfSection
PsLookupProcessByProcessId
IoDeleteDevice
IoDeleteSymbolicLink
ZwClose
IoCreateFile
hal
KeGetCurrentIrql
Sections
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 714B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 166B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ