Static task
static1
General
Target: 30e160f4091bf9b9689934367537b871_JaffaCakes118
Size: 824KB
MD5: 30e160f4091bf9b9689934367537b871
SHA1: fbed3ab8a6d3e6c6512262602f8b729fc50fdcef
SHA256: 6bddc937b9975173a180983feb88c1dfd9ee67824f400c75a3dc826186d47c13
SHA512: bf813f24046e2f21e7ebd1bbe7dd06bd0a666a22a0735db66c84d8552d756d0683cf80f8f570d77cb97a361de0f25629ad764372b9524ec1b323fb918246df6c
SSDEEP: 24576:b+cQE7EzQ+gUFi6L013acqmNBOZ1M+bRpaG4uR:zGzQ+gUFGpuZ1MsREO
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 30e160f4091bf9b9689934367537b871_JaffaCakes118
Files
30e160f4091bf9b9689934367537b871_JaffaCakes118.sys windows:4 windows x86 arch:x86
69d6bf92ff1d1cf4d2d07330c0090069
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
sprintf
ZwQuerySystemInformation
ExFreePoolWithTag
RtlNtStatusToDosError
SeDeassignSecurity
ZwQueryValueKey
ExInterlockedPopEntrySList
FsRtlCopyRead
RtlInsertElementGenericTableFull
ExInitializeZone
RtlCustomCPToUnicodeN
RtlInitializeUnicodePrefix
RtlUpcaseUnicodeStringToAnsiString
RtlUpcaseUnicodeString
RtlSetBits
ExReleaseResourceLite
RtlQueryAtomInAtomTable
ExRaiseDatatypeMisalignment
FsRtlRemoveMcbEntry
KeQueryActiveProcessors
IoDeleteDevice
WRITE_REGISTER_UCHAR
RtlClearAllBits
_strnicmp
RtlFindLeastSignificantBit
SeAuditingFileOrGlobalEvents
ZwQuerySymbolicLinkObject
CcCopyRead
RtlCompressBuffer
ZwOpenEvent
RtlTimeToSecondsSince1980
ZwDuplicateObject
IoGetCurrentProcess
RtlFillMemoryUlong
ZwEnumerateKey
ZwRequestWaitReplyPort
RtlDelete
ZwOpenTimer
RtlSelfRelativeToAbsoluteSD
SeCreateClientSecurityFromSubjectContext
KeI386AllocateGdtSelectors
RtlTimeToTimeFields
ExDisableResourceBoostLite
LsaRegisterLogonProcess
IoDeviceHandlerObjectType
DbgBreakPointWithStatus
IoGetFileObjectGenericMapping
srand
CcWaitForCurrentLazyWriterActivity
FsRtlInitializeLargeMcb
ExSystemExceptionFilter
Exi386InterlockedIncrementLong
ProbeForWrite
_vsnprintf
FsRtlCopyWrite
MmBuildMdlForNonPagedPool
IoCreateSymbolicLink
ExInitializeNPagedLookasideList
ZwWaitForMultipleObjects
RtlFindFirstRunClear
IoGetRequestorProcess
RtlFreeHeap
LpcRequestPort
RtlUnicodeToCustomCPN
RtlConvertUlongToLargeInteger
IoAcquireCancelSpinLock
_itoa
ExInterlockedCompareExchange64
InbvSetScrollRegion
FsRtlSplitLargeMcb
RtlCreateAcl
MmAllocateContiguousMemorySpecifyCache
RtlDestroyAtomTable
SeDeleteObjectAuditAlarm
KeSetTimer
wcstombs
IoDeleteSymbolicLink
NtQueryInformationFile
RtlSetOwnerSecurityDescriptor
ExInterlockedAddUlong
SeSinglePrivilegeCheck
FsRtlUninitializeFileLock
IoCreateDevice
KeClearEvent
ZwReadFile
SeTokenType
Kei386EoiHelper
IoUpdateShareAccess
KeSaveFloatingPointState
RtlLargeIntegerArithmeticShift
RtlPrefixUnicodeString
CcCopyWrite
ExIsProcessorFeaturePresent
RtlVolumeDeviceToDosName
SeQueryAuthenticationIdToken
FsRtlCurrentBatchOplock
strcat
FsRtlSyncVolumes
FsRtlTruncateLargeMcb
NtDuplicateToken
ObOpenObjectByPointer
IoMakeAssociatedIrp
ExSemaphoreObjectType
Sections
.text Size: 385KB - Virtual size: 385KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 443B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 419KB - Virtual size: 418KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ