Static task
static1
General
-
Target
3d6a6d2ef20b7f097b605f4fd304f4d6_JaffaCakes118
-
Size
40KB
-
MD5
3d6a6d2ef20b7f097b605f4fd304f4d6
-
SHA1
606e7b794b330268fbce25485a03a21ffd4c87f4
-
SHA256
9781c079863a6c54a1c58dad7404fe40ee6f950552ae4f0eb73a7d56486eae3a
-
SHA512
26f04653c5587b8606822a6b8156229ba64eb7ef8980f54f90f700f48d45a0921566ab1adba86eb1755d58da1b33d7a85609ab1a2ed72b77ba7e5da78736e353
-
SSDEEP
768:8+GNto+iIsu89ICZqw94sP9IJkud7RDsssDmhtGwahUGnh6Ohz:L9Msu8dD94sP9IJkEWsymhcwuh9h
Malware Config
Signatures
-
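Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the resource listed below has no embedded signature. This is a static check of the file itself, so a catalog-signed file would presumably also be reported as unsigned, and the finding alone does not establish that the file is malicious.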
resource 3d6a6d2ef20b7f097b605f4fd304f4d6_JaffaCakes118
Files
-
3d6a6d2ef20b7f097b605f4fd304f4d6_JaffaCakes118.sys windows:4 windows x86 arch:x86
e30f7ccddb0e5549ecdd04da636ffc8c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IofCompleteRequest
_wcsicmp
wcsncpy
wcslen
wcsrchr
ZwClose
RtlInitUnicodeString
RtlCopyUnicodeString
ZwQueryValueKey
PsCreateSystemThread
ZwCreateKey
swprintf
wcscat
wcscpy
ZwOpenKey
_except_handler3
KeQuerySystemTime
ZwSetValueKey
ZwSetInformationFile
ZwCreateFile
KeTickCount
KeQueryTimeIncrement
_stricmp
ObReferenceObjectByHandle
MmGetSystemRoutineAddress
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
wcsstr
_wcslwr
strncpy
IoGetCurrentProcess
ZwDeleteKey
RtlCompareUnicodeString
strncmp
_wcsnicmp
MmIsAddressValid
ExFreePool
_snprintf
ExAllocatePoolWithTag
ObfDereferenceObject
IoRegisterDriverReinitialization
IoDeviceObjectType
KeDelayExecutionThread
_snwprintf
PsLookupProcessByProcessId
wcschr
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 64B - Virtual size: 44B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 32B - Virtual size: 10B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDRV Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESYS Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEALL Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 32B - Virtual size: 8B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECODE Size: 32B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ