K:\5551\exe\nta64\release\english\autoprnt.pdb
Static task
static1
General
-
Target
fb93c95219deff9d29bb2c23fc50d25a_JaffaCakes118
-
Size
3.9MB
-
MD5
fb93c95219deff9d29bb2c23fc50d25a
-
SHA1
34a4b4a33e25f53feac2d890ec416dadc15bf87b
-
SHA256
94a5134718afdd48d9585386c32f711efeb8a14e2f012ef09563a7f8dfe693bb
-
SHA512
25528fec0eaad1cabf867111a06400ed650c288187a7aeb39a4ab1a68148001f9f85c2755cde4fb209a876870628107943f5e2dfd9fddec9fe274581b3d9f4ab
-
SSDEEP
49152:7iiYvZbNuNEF1ALHazw4l3f3hsImykgLYNMxSdDa4nTkt:WiYXy6z/HsEY6xSdG7
Malware Config
Signatures
-
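Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. An absent signature is a weak indicator on its own and should be weighed together with the other static findings.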
resource fb93c95219deff9d29bb2c23fc50d25a_JaffaCakes118
Files
-
fb93c95219deff9d29bb2c23fc50d25a_JaffaCakes118.sys windows:4 windows x64 arch:x64
7a0a8c39d99054583b73822492a4c8c9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
K:\5551\exe\nta64\release\english\autoprnt.pdb
Imports
ntdll
NtSetInformationProcess
NtQueryInformationProcess
NtLockVirtualMemory
memcpy
memmove
memcmp
memset
NtAdjustPrivilegesToken
NtOpenProcessToken
NtShutdownSystem
sprintf
ZwInitializeRegistry
ZwClose
ZwFlushKey
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
RtlSystemTimeToLocalTime
RtlTimeToSecondsSince1970
ZwQuerySystemTime
RtlTimeToTimeFields
RtlSecondsSince1970ToTime
RtlLocalTimeToSystemTime
RtlTimeFieldsToTime
RtlRandom
NtDisplayString
RtlCreateHeap
RtlDestroyHeap
RtlFreeHeap
__C_specific_handler
ZwAllocateVirtualMemory
ZwQueryInformationProcess
RtlAllocateHeap
ZwFreeVirtualMemory
RtlInitUnicodeString
RtlInitString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlUnicodeStringToAnsiSize
_vsnprintf
RtlCompareString
RtlCompareUnicodeString
ZwEnumerateKey
ZwCreateKey
RtlDeleteRegistryValue
ZwDeleteKey
ZwWaitForSingleObject
ZwCreateEvent
ZwSetEvent
ZwResetEvent
ZwCreateMutant
ZwReleaseMutant
ZwCreateSemaphore
ZwReleaseSemaphore
ZwWaitForMultipleObjects
ZwCreateFile
ZwCancelIoFile
ZwReadFile
ZwDeviceIoControlFile
ZwTerminateThread
ZwSetInformationThread
ZwCreateThread
ZwProtectVirtualMemory
strchr
memchr
sscanf
strtoul
__chkstk
_stricmp
strncpy
tolower
strncmp
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlUpcaseUnicodeChar
ZwQueryVolumeInformationFile
ZwOpenFile
ZwSetInformationFile
ZwQueryInformationFile
ZwDeleteFile
RtlGetCurrentDirectory_U
ZwQueryDirectoryFile
wcsncmp
ZwWriteFile
ZwFlushBuffersFile
ZwFsControlFile
toupper
ZwQuerySystemInformation
_strnicmp
vsprintf
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
LdrGetProcedureAddress
LdrGetDllHandle
isspace
strcspn
iscntrl
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlPcToFileHeader
ZwTerminateProcess
ZwDisplayString
RtlRaiseException
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlUnicodeStringToOemString
RtlOemStringToUnicodeString
RtlFreeOemString
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlDowncaseUnicodeString
ZwDeleteValueKey
ZwQueryKey
ZwEnumerateValueKey
_wcsnicmp
NtOpenThreadToken
ZwQueryDirectoryObject
ZwOpenDirectoryObject
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 785KB - Virtual size: 784KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 160KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 199KB - Virtual size: 198KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 8KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ