Static task
static1
General
Target: 5453cf726c935b315cf4de48444d4f78_JaffaCakes118
Size: 18KB
MD5: 5453cf726c935b315cf4de48444d4f78
SHA1: d163a6a780f024bba039a3377c724530799d7512
SHA256: 3554de66613f289104b042498d9e9494641598fe1c33765f64f2dff303bbb240
SHA512: 997d5a34600908c4e261d3bbef5564f87ef965abf038b8b4a9a6de72568de3970d08e2e249834a4a482d2e453fa04de38345f16782092628f6e34373574dc08d
SSDEEP: 48:6RZoou8fsJrJrcRdydRJkWc9Ldf/1Q1AVpcvKKQmHUUWEG:V8fsVBcOx8LVzpafUUz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5453cf726c935b315cf4de48444d4f78_JaffaCakes118
Files
5453cf726c935b315cf4de48444d4f78_JaffaCakes118.sys windows:5 windows x86 arch:x86
d79236bb83424e3d264c84a6896016f9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoGetCurrentProcess
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
ZwReadFile
RtlFreeUnicodeString
ZwCreateFile
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 928B - Virtual size: 918B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 96B - Virtual size: 69B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 224B - Virtual size: 224B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 64B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ