PDB path: d:\projects\gui\vba32sys\objfre_wnet_AMD64\amd64\Vba32mNT.pdb
Static task
static1
General
-
Target
4139a53892e20f911824eb59693ee41d_JaffaCakes118
-
Size
48KB
-
MD5
4139a53892e20f911824eb59693ee41d
-
SHA1
eeda984c682827ac7383e3ae10d0a21222e47cb3
-
SHA256
dfd00a55277ab3e418bb4b4b730b9ef6c84887d837b7554820d4c73c4f0f3e52
-
SHA512
929b4ea56898199d4cad9fff9bc84f99c410b04e3c591cba8e3b66b1ecff98d5e4e2af064f729fee6bee12c3b64c466dda6570da85e37073d2335c7dc6934d82
-
SSDEEP
768:oEsxqNQI37925U4G3V8zbQisfvT1HIoMa731V0f+fR:oEGMQI3Z25U4G36zT8vT1H5Dzf
Malware Config
Signatures
-
Unsigned PE 1 IoCs
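Checks for missing Authenticode signature. The file listed below is a 64-bit kernel-mode driver (.sys), and 64-bit Windows enforces kernel driver signing by default, so the absence of a signature is worth recording during triage; on its own it does not establish that the file is malicious.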
resource 4139a53892e20f911824eb59693ee41d_JaffaCakes118
Files
-
4139a53892e20f911824eb59693ee41d_JaffaCakes118.sys windows:5 windows x64 arch:x64
301888bc9e1790c307fdfe83f3ad4f77
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
ObfDereferenceObject
PsLookupProcessByProcessId
__C_specific_handler
ExAllocatePoolWithTag
ObReferenceObjectByHandle
RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ZwClose
ZwQueryInformationProcess
ObOpenObjectByPointer
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
KeInitializeEvent
ExInitializePagedLookasideList
ExAcquireFastMutex
ExReleaseFastMutex
RtlInitializeGenericTable
ObfReferenceObject
RtlLookupElementGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
towupper
IoGetCurrentProcess
KePulseEvent
KeReleaseSemaphore
KeInitializeSemaphore
KeWaitForSingleObject
toupper
wcschr
ExFreePool
wcsncpy
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExInitializeNPagedLookasideList
RtlEnumerateGenericTableWithoutSplaying
IoGetDeviceObjectPointer
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
_snwprintf
wcsstr
ZwQueryInformationToken
ZwOpenThreadToken
wcsrchr
wcsncmp
IoGetRequestorProcess
IofCompleteRequest
ZwLoadDriver
ExInitializeResourceLite
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExAcquireResourceSharedLite
_stricmp
IoDeleteDevice
MmMapLockedPages
strncmp
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
KeInitializeMutex
ZwCreateEvent
KeBugCheckEx
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRT Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 346B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ