Static task
static1
General
Target: 30db6ec64f8cd846d156879ed79364ff_JaffaCakes118
Size: 5KB
MD5: 30db6ec64f8cd846d156879ed79364ff
SHA1: 6d41a37a5f74d6ca390df512869ee8500ad1caa8
SHA256: 522578cf32ca55b6cac2f7f7d5791ef9158a22dc385c7629057b83b5d757fcab
SHA512: d65359e2bbc03d9a924d7f0525e9098e19e93ea9ff8e16caef944917bd5e7bfa9e460244c2ab36256b8a899dfc56635f1a2833b2138749554709c1f7317ebf8c
SSDEEP: 96:OuL2yaqCAmTacLWPt2/pUS78dQrAGWaWLcjn7+dEnv9:OgafA4acLWPt2p7jAtw9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 30db6ec64f8cd846d156879ed79364ff_JaffaCakes118
Files
30db6ec64f8cd846d156879ed79364ff_JaffaCakes118.sys windows:5 windows x86 arch:x86
b9e0686185d6b5bbd9e81cf55eaed5bd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
  InterlockedIncrement
  IoCreateDevice
  InterlockedDecrement
  ExAllocatePoolWithTag
  swprintf
  ExFreePool
  InterlockedExchange
  ExfInterlockedInsertTailList
  IofCompleteRequest
  KeInitializeSpinLock
  RtlInitUnicodeString
  IoDeleteSymbolicLink
  IoCreateSymbolicLink
  IoDeleteDevice
hal
  KfAcquireSpinLock
  KfReleaseSpinLock
ndis.sys
  NdisFreePacket
  NdisAllocatePacket
  NdisResetEvent
  NdisCloseAdapter
  NdisFreeMemory
  NdisAllocatePacketPool
  NdisInitializeEvent
  NdisOpenAdapter
  NdisWaitEvent
  NdisFreePacketPool
  NdisDeregisterProtocol
  NdisSetEvent
  NdisRegisterProtocol
  NdisQueryAdapterInstanceName
Sections
.text Size: 2KB - Virtual size: 2KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 228B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 32B - Virtual size: 24B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 888B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 352B - Virtual size: 346B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ