Static task
static1
General
Target
3813c4546cf7ffe0c73b9e98e841e147_JaffaCakes118
Size
40KB
MD5
3813c4546cf7ffe0c73b9e98e841e147
SHA1
d9b816d35db4ad4340f0af931b7694d7457b81a0
SHA256
7264e0b7abc830f1f1e503e7f8c6cfba0934ce84de94ab6a18b796bd68d68c46
SHA512
280fb908cda45c9b559a75aad5c84f0fc8ad1d36df780c1389ffc56b04afb9cce8e50bcf149589c13117218a7f23b0b333c6d37a0c09ce764c835e28c3b8f005
SSDEEP
768:d1bR3cyirOuq07qVE14QYwv5TW7c2Xu8FT87vcCCpK6zTs0xdHgOGj:36yigtu4Q3v5CoOg7k/K6z
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the PE file.
resource 3813c4546cf7ffe0c73b9e98e841e147_JaffaCakes118
Files
3813c4546cf7ffe0c73b9e98e841e147_JaffaCakes118.sys windows:4 windows x86 arch:x86
ffd3625b5ef9bcd785c13d4f5aacc314
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwOpenKey
RtlInitUnicodeString
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlCopyUnicodeString
PsCreateSystemThread
ZwSetValueKey
ZwQueryValueKey
PsGetVersion
wcslen
wcscat
wcscpy
_wcsicmp
_except_handler3
ObfDereferenceObject
MmIsAddressValid
ObReferenceObjectByHandle
wcsncpy
wcsrchr
_stricmp
swprintf
wcsstr
_wcslwr
strncpy
IoGetCurrentProcess
PsSetCreateProcessNotifyRoutine
RtlCompareUnicodeString
strncmp
_snwprintf
wcschr
ExFreePool
_snprintf
ExAllocatePoolWithTag
ZwCreateKey
IoDeviceObjectType
RtlAnsiStringToUnicodeString
KeQuerySystemTime
ZwDeleteKey
_wcsnicmp
IoRegisterDriverReinitialization
ZwSetInformationFile
ZwCreateFile
IofCompleteRequest
MmGetSystemRoutineAddress
KeDelayExecutionThread
KeTickCount
KeQueryTimeIncrement
PsLookupProcessByProcessId
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGERES Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 96B - Virtual size: 93B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ