mbbcx.pdb
Static task
static1
General
-
Target
62a78356d146248c80cd6a7bf5dcdcb6_JaffaCakes118
-
Size
274KB
-
MD5
62a78356d146248c80cd6a7bf5dcdcb6
-
SHA1
9cb20e4176ae834489f29cfbf714dc412c6ecfab
-
SHA256
1980a37c6d31e39972552b39cbd2184789ea52dbbe165ed7761de8e8450e8fb3
-
SHA512
9843fbe65afb1de148a2f9d8831c159469521ac9d9371e62b93e914974dec19e48fe88e807d69659fa828354ef674ae7ff8eb446a751f8fa3beb15959baabb4c
-
SSDEEP
3072:bGblVoT8+TBXzKoAmPm5Qh6IeeaQGD4t1t2J6tt6WFvVjFQP1+AxwszEMy0pS+YB:GVYdmLoc6VVBTzuy0pzlFuSz
Malware Config
Signatures
-
Unsigned PE 1 IoCs
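Checks for missing Authenticode signature. This presumably means a signature embedded in the PE file itself; a file signed only through a separate catalog would match as well, so this result alone does not establish that the driver is untrusted.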
resource 62a78356d146248c80cd6a7bf5dcdcb6_JaffaCakes118
Files
-
62a78356d146248c80cd6a7bf5dcdcb6_JaffaCakes118.sys windows:10 windows x64 arch:x64
f06e902885f575c582756e2eadee0a58
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
ZwClose
RtlSetBits
RtlInitializeBitMap
EtwWrite
ExInitializeNPagedLookasideList
ObReferenceObjectByHandle
RtlUnicodeStringToAnsiString
PsThreadType
EtwActivityIdControl
EtwUnregister
PsCreateSystemThread
ExpInterlockedPushEntrySList
ObfDereferenceObject
RtlInitUnicodeString
ExDeleteNPagedLookasideList
ExpInterlockedPopEntrySList
RtlAnsiStringToUnicodeString
KeResetEvent
KeFlushQueuedDpcs
KeInitializeEvent
EtwSetInformation
KeInitializeSpinLock
IoWMIRegistrationControl
EtwRegister
ExQueryDepthSList
MmGetSystemRoutineAddress
RtlCopyUnicodeString
RtlWriteRegistryValue
RtlIpv6StringToAddressW
RtlFreeUnicodeString
RtlIpv4AddressToStringW
RtlQueryRegistryValues
RtlIpv4StringToAddressW
RtlStringFromGUID
RtlIpv6AddressToStringW
DbgPrintEx
_vsnwprintf
KeWaitForMultipleObjects
PsTerminateSystemThread
RtlCompareMemory
KeSetEvent
RtlUTF8ToUnicodeN
RtlInitAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
KeReleaseSpinLock
EtwWriteTransfer
KeAcquireSpinLockRaiseToDpc
wdfldr.sys
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass
WdfRegisterClassLibrary
ndis.sys
NdisOpenConfigurationEx
NdisReadConfiguration
NdisCloseConfiguration
NdisWriteConfiguration
NdisFreeTimerObject
NdisSetCoalescableTimerObject
NdisGetSystemUpTimeEx
NdisAllocateTimerObject
NdisCancelTimerObject
NdisGetVersion
NdisMQueryAdapterInstanceName
NdisFreeMemory
NdisMIndicateStatusEx
netio.sys
NotifyRouteChange2
ConvertInterfaceLuidToGuid
NotifyIpInterfaceChange
CancelMibChangeNotify2
NotifyUnicastIpAddressChange
FreeMibTable
CreateIpForwardEntry2
GetUnicastIpAddressTable
InitializeUnicastIpAddressEntry
DeleteUnicastIpAddressEntry
DeleteIpForwardEntry2
InitializeIpForwardEntry
CreateUnicastIpAddressEntry
InitializeIpInterfaceEntry
GetIpForwardTable2
SetIpInterfaceEntry
ConvertInterfaceLuidToIndex
wpprecorder.sys
WppAutoLogStart
WppAutoLogTrace
imp_WppRecorderReplay
WppAutoLogStop
Sections
.text Size: 183KB - Virtual size: 183KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
GFIDS Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ