Static task
static1

General
Target: f84cbe1a41c61bfa9a5df771ea36eb06_JaffaCakes118
Size: 482KB
MD5: f84cbe1a41c61bfa9a5df771ea36eb06
SHA1: 2bab49b399374c2f6f755c976f9086a8c053e2cf
SHA256: 3396f85120b27a39d136e15e59dca2524c779ec5fde5979b373121286ac04993
SHA512: a9bea87aa09747fae6c8a78d54d4c4ba724723dec51ea6b79b4c0490817a6107f8ffac2ba81383f0985934107c13964718ed94b2c05df2520784a1fb6a881d36
SSDEEP: 12288:SZJ/wvdO3OcTw68LttfzqP/t8/V8qDr5MSl:Sz4vdO3OcTP8Tf23t8/Cq6Sl

Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: f84cbe1a41c61bfa9a5df771ea36eb06_JaffaCakes118

Files
f84cbe1a41c61bfa9a5df771ea36eb06_JaffaCakes118.sys  windows:6  windows x64  arch:x64
aa8a809a118041bd6e9680808f0d1b0c

Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths: d:\programs\out\tsoft\bin\Release\amd64\passThrough.pdb
Imports
ntoskrnl.exe
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
PsTerminateSystemThread
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
PsGetCurrentProcessId
RtlCopyUnicodeString
ObfDereferenceObject
RtlUnicodeStringToInteger
IofCallDriver
RtlInitUnicodeString
IoDeleteDevice
IoDetachDevice
KeDelayExecutionThread
IoGetDeviceObjectPointer
IoAttachDeviceToDeviceStack
IoCreateDevice
IoCreateSymbolicLink
IoGetRelatedDeviceObject
IoFreeMdl
IoFreeIrp
MmProbeAndLockPages
IoAllocateIrp
RtlCompareMemory
MmUnlockPages
IoAllocateMdl
IoReleaseCancelSpinLock
ExUnregisterCallback
ExNotifyCallback
ExRegisterCallback
ExCreateCallback
MmUnmapLockedPages
_stricmp
_strnicmp
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
NtWriteFile
PsLookupProcessByProcessId
ExGetPreviousMode
MmGetSystemRoutineAddress
ZwQueryObject
RtlUnicodeStringToAnsiString
ZwSetValueKey
strncpy
MmProtectMdlSystemAddress
NtQueryInformationFile
RtlEqualUnicodeString
tolower
wcsrchr
ExSystemTimeToLocalTime
IoGetCurrentProcess
NtCreateFile
NtClose
IoSetTopLevelIrp
NtDeleteFile
RtlTimeToTimeFields
strrchr
ZwQueryInformationProcess
IoGetTopLevelIrp
MmIsAddressValid
NtReadFile
ObOpenObjectByPointer
ZwOpenKey
KeClearEvent
PsSetCreateProcessNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetVersion
IoThreadToProcess
IoDeleteSymbolicLink
_wcsnicmp
KeInsertQueueApc
ZwQueryValueKey
PsInitialSystemProcess
RtlCompareUnicodeString
ZwOpenProcess
CmRegisterCallback
ZwCreateSection
CmUnRegisterCallback
PsGetProcessId
DbgPrint
ZwCreateKey
KeInitializeEvent
strchr
KeSetEvent
strstr
KeSetPriorityThread
ExFreePoolWithTag
strncat
sprintf
KeAcquireSpinLockRaiseToDpc
KeQueryTimeIncrement
ExAllocatePool
ZwQuerySystemInformation
KeReleaseSpinLock
KeInitializeApc
ZwMapViewOfSection
RtlInitAnsiString
ZwUnmapViewOfSection
RtlUpperString
RtlFreeAnsiString
__C_specific_handler
fltmgr.sys
FltRegisterFilter
FltSetCallbackDataDirty
FltStartFiltering
FltReleaseFileNameInformation
FltUnregisterFilter
FltGetFileNameInformation
ndis.sys
NdisAllocateMemoryWithTag
tdi.sys
TdiMapUserRequest
Sections
.text   Size: 107KB  Virtual size: 107KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 20KB   Virtual size: 20KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 333KB  Virtual size: 359KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 3KB    Virtual size: 3KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
PAGE    Size: 512B   Virtual size: 23B    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT    Size: 5KB    Virtual size: 4KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 1KB    Virtual size: 1KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ