Static task
static1
General
Target: 4356ae723624237ca9aa03a7156c57c9_JaffaCakes118
Size: 174KB
MD5: 4356ae723624237ca9aa03a7156c57c9
SHA1: 7cbd369797cb5789cf84eaf2c319186a968c8ade
SHA256: a4ab904147173114f071e411472acbf7dd68f705a86a1f55a43cde3c8ce59c2e
SHA512: 5a76516e6ca491f020cf50836ff4c459f2b5211dc2b6a04f2f3f48c088623f5a9db312d11af561f1dc79864b3123ceed543e9c58a13d1739199acf6242afebad
SSDEEP: 3072:3cf1OXB6dBEEjcqWGviCyxIqUWkt0RRgvOpkKYl5WGcYDK:S18McJqW9xxDLy0RRgWpiW+K
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 4356ae723624237ca9aa03a7156c57c9_JaffaCakes118
Files
4356ae723624237ca9aa03a7156c57c9_JaffaCakes118.sys windows:5 windows x86 arch:x86
77bb530a648dd896759d6ec691d4d5b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeStackAttachProcess
_except_handler3
ZwClose
ZwUnmapViewOfSection
IoAllocateMdl
MmProbeAndLockPages
ZwQueryInformationFile
ZwCreateSection
atoi
strstr
strncpy
memmove
wcslen
ZwMapViewOfSection
memchr
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoRegisterShutdownNotification
InitSafeBootMode
IofCompleteRequest
IoCreateSynchronizationEvent
RtlInitUnicodeString
ExFreePool
wcscat
rand
srand
KeQuerySystemTime
wcscpy
IoDeleteDevice
_stricmp
IoCreateSymbolicLink
wcsrchr
PsGetCurrentProcessId
ZwQueryInformationProcess
PsGetCurrentThreadId
RtlFreeUnicodeString
ZwSetInformationFile
ZwWriteFile
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_strupr
ZwQueryValueKey
ZwOpenKey
ZwSetValueKey
strrchr
ZwDeleteFile
ZwOpenFile
RtlCompareMemory
ZwReadFile
RtlCompareUnicodeString
strncmp
KeReleaseMutex
KeWaitForSingleObject
_strlwr
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeClearEvent
InterlockedIncrement
KeSetEvent
IoCreateDevice
MmMapLockedPagesSpecifyCache
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
wcsstr
_wcsupr
strncat
ZwEnumerateKey
ZwQueryKey
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeInitializeEvent
KeInitializeSpinLock
KeInitializeMutex
ExInitializeNPagedLookasideList
sprintf
MmIsAddressValid
NtBuildNumber
IoGetCurrentProcess
KeGetCurrentThread
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
ObQueryNameString
InterlockedExchange
ObReferenceObjectByName
IoDriverObjectType
ZwAllocateVirtualMemory
KeInsertQueueApc
KeInitializeApc
PsLookupProcessThreadByCid
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
RtlCompareString
RtlInitString
ZwQuerySystemInformation
ObfDereferenceObject
IoGetDeviceObjectPointer
KeServiceDescriptorTable
KdDisableDebugger
KdDebuggerEnabled
ObReferenceObjectByHandle
PsProcessType
ExGetPreviousMode
wcsncpy
ZwTerminateProcess
ZwDeleteKey
ZwCreateKey
ZwOpenSection
ZwEnumerateValueKey
_snprintf
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
IoFileObjectType
ZwSetSecurityObject
ZwReplaceKey
ZwRestoreKey
ZwDeleteValueKey
ZwSetSystemInformation
KeAddSystemServiceTable
IoFreeMdl
KeUnstackDetachProcess
InterlockedDecrement
MmUnlockPages
strchr
hal
KfAcquireSpinLock
KfReleaseSpinLock
ExReleaseFastMutex
ExAcquireFastMutex
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 928B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ