filetrace.pdb
Static task
static1
General
-
Target
8f026c033249c67b388450185c999ba6_JaffaCakes118
-
Size
28KB
-
MD5
8f026c033249c67b388450185c999ba6
-
SHA1
b59ed60ede48bb858b63f7798b4a10ab7207451d
-
SHA256
1008de22877d44d0b89c1184acc477136227e9e8d9b0fdf356d5336d4c10c12a
-
SHA512
34d2b038ca5a03f56e6a55b28a8037664c22d787a18cb7fd5320f615c90583c9a99a32816bd6e9c2949c504f377dddb2a94b19b5e66e5336430332b9178a4637
-
SSDEEP
768:3pYR/Rij5fR6mz4n8vCJczrTe/ZrENoCInj:3PG24n8gIKV48nj
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags the PE as carrying no Authenticode signature, i.e. the driver image is not code-signed.
resource 8f026c033249c67b388450185c999ba6_JaffaCakes118
Files
-
8f026c033249c67b388450185c999ba6_JaffaCakes118.sys windows:10 windows x86 arch:x86
eadd630b229b3ea99e7a7eaa81718785
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
PsDereferenceImpersonationToken
InterlockedPopEntrySList
IoUnregisterPlugPlayNotification
IoGetDeviceObjectPointer
InterlockedPushEntrySList
ExfInterlockedInsertHeadList
KeInitializeSpinLock
RtlUnwind
memcpy
ZwQueryInformationFile
PsReferenceImpersonationToken
IoWMIWriteEvent
PsGetProcessCreateTimeQuadPart
KeQuerySystemTime
PsReferencePrimaryToken
IoGetTopLevelIrp
RtlAbsoluteToSelfRelativeSD
PsGetProcessWin32WindowStation
PsGetProcessSessionId
SeQueryInformationToken
PsDereferencePrimaryToken
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
MmIsAddressValid
RtlLengthSecurityDescriptor
IoWMIRegistrationControl
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlQueryRegistryValues
IoVolumeDeviceToDosName
ObfDereferenceObject
RtlUpcaseUnicodeChar
WmiQueryTraceInformation
DbgPrintEx
_vsnwprintf
KeInitializeEvent
MmGetSystemRoutineAddress
ExInitializeNPagedLookasideList
RtlInitUnicodeString
IoRegisterPlugPlayNotification
ExDeleteNPagedLookasideList
memset
hal
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
fltmgr.sys
FltSetVolumeContext
FltGetVolumeGuidName
FltObjectReference
FltGetVolumeName
FltAllocateContext
FltGetRequestorProcessId
FltReleaseFileNameInformation
FltQueryInformationFile
FltQueryVolumeInformation
FltGetFileNameInformation
FltIsDirectory
FltReleaseContext
FltGetRequestorProcess
FltQuerySecurityObject
FltGetVolumeContext
FltFreeGenericWorkItem
FltQueueGenericWorkItem
FltGetDiskDeviceObject
FltAttachVolume
FltDetachVolume
FltObjectDereference
FltAllocateGenericWorkItem
FltGetVolumeProperties
FltEnumerateVolumes
FltStartFiltering
FltRegisterFilter
FltUnregisterFilter
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INITCONS Size: 1024B - Virtual size: 940B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ