c:\users\rmgree5\co\standalonegrok_2.1.1.1\gk_driver\gk_sa_driver\objfre_wnet_amd64\amd64\SaGk.pdb
Static task
static1
General
Target: 26926bb2b72c0d16d7d49bc3d1efdef1_JaffaCakes118
Size: 81KB
MD5: 26926bb2b72c0d16d7d49bc3d1efdef1
SHA1: d26ae13d10f99ca53b4cccd0d0350bb99ab9a540
SHA256: f188568018d8eb4376031cc3eb86e969103828b3923461fbeb38bf8a2c7b441e
SHA512: 8077ac5dcf0e9c4448252fb8fdbef0c422a5b9bae00a5ca094be43c4098d658782be6e442dcfb0aaa3e1c6b29a8e01a1e3e07f8911690dc0b67ce19161465062
SSDEEP: 1536:PriL0eKq6Xp/6i79TW1bXmUTZjdBbub3U49fXmL2VxmvuwLpdyOgAK08:PCaqCp/N79qdBsUOa7VdyOgAK08
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource unpack001/GROK_24A6EC8EBF9C0867ED1C097F4A653B8D
Files
- 26926bb2b72c0d16d7d49bc3d1efdef1_JaffaCakes118.zip (Password: infected)
- GROK_24A6EC8EBF9C0867ED1C097F4A653B8D.sys  windows:6 windows x64 arch:x64
  d8b4b3e994e78c3549d970d6b09456ba
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
ObGetObjectSecurity
ExFreePoolWithTag
IoRegisterShutdownNotification
RtlInitUnicodeString
KeDelayExecutionThread
wcsstr
IoUnregisterShutdownNotification
PsTerminateSystemThread
IoGetCurrentProcess
IofCompleteRequest
ObReleaseObjectSecurity
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExDeleteResourceLite
ExInitializeResourceLite
PsLookupProcessByProcessId
_wcsnicmp
KeSetEvent
KeInitializeEvent
ZwQuerySystemInformation
KeUnstackDetachProcess
KeDetachProcess
IoDriverObjectType
wcsrchr
PsCreateSystemThread
ExAllocatePool
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
PsInitialSystemProcess
KeAttachProcess
PsGetVersion
RtlCompareUnicodeString
ZwQueryInformationProcess
ObfReferenceObject
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
ObReferenceObjectByName
ObOpenObjectByPointer
PsGetProcessId
KeStackAttachProcess
ZwAllocateVirtualMemory
ExAllocatePoolWithTag
ObOpenObjectByName
ObMakeTemporaryObject
ObCreateObject
ObInsertObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
PsGetCurrentThreadId
ZwCreateKey
ZwQueryValueKey
__C_specific_handler
MmGetSystemRoutineAddress
KeQueryActiveProcessors
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
RtlInitString
RtlCompareString
RtlCompareMemory
ProbeForRead
ExReleaseFastMutex
ExAcquireFastMutex
NtBuildNumber
KeInitializeDpc
KeSetTargetProcessorDpc
KeInsertQueueDpc
ZwOpenFile
sprintf
wcslen
RtlDecompressBuffer
towupper
wcscpy
ZwQueryDirectoryObject
ZwOpenDirectoryObject
ZwCreateEvent
IoCreateDevice
_local_unwind
Exports
ObfuscatedEntrypoint
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.msda Size: 1024B - Virtual size: 615B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 77B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ