PDB path (debug-symbol path embedded in the PE): d:\proj\nk\out\i386\nkv2.pdb
Static task
static1
General
-
Target
03b2a470b73ff97590e2fb4dca7790d0_JaffaCakes118
-
Size
47KB
-
MD5
03b2a470b73ff97590e2fb4dca7790d0
-
SHA1
f5c102266c7ea78eee45cd6f71263073e0aaeee8
-
SHA256
68a2fb9f00dbc745ab7c19c3b4b09b2a365d14a66c035ebb66c06b04722387bd
-
SHA512
08cda611f85b65bf760d24d1d7b0700d01d43b53e0d108ceb3de346a9c5a0d6dc50ea235af3aec6e949a3289f91a5062f7363bd1f7090fd0e83d93e884196358
-
SSDEEP
768:LG+mX35y3yjsmX33mTn7jhXdAVa+bC/EacardlCU/0HmSbXw2UBY6Q+:LG+mXJyi/3WTPhN8aE0AUKhtUBv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Static check by the analysis platform: the PE file carries no Authenticode signature.
resource 03b2a470b73ff97590e2fb4dca7790d0_JaffaCakes118
Files
-
03b2a470b73ff97590e2fb4dca7790d0_JaffaCakes118.sys windows:5 windows x86 arch:x86
6696e653eed2a6f46f5599c041d7c9d9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
_except_handler3
IoAllocateMdl
MmProbeAndLockPages
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmUnlockPages
MmUnmapLockedPages
RtlEqualUnicodeString
IofCompleteRequest
ExFreePoolWithTag
ExAllocatePoolWithTag
strstr
RtlUpperString
RtlInitString
ZwQuerySystemInformation
RtlAssert
KeInitializeSpinLock
KeInitializeEvent
KeWaitForSingleObject
KeSetEvent
KeDelayExecutionThread
ExfInterlockedInsertTailList
KeResetEvent
KeWaitForMultipleObjects
_allmul
ZwClose
ZwDeviceIoControlFile
ZwCreateFile
PsGetVersion
KeSetTimerEx
KeInitializeDpc
KeInitializeTimer
KeCancelTimer
KeSetTimer
sprintf
KeQuerySystemTime
wcslen
RtlCompareUnicodeString
MmBuildMdlForNonPagedPool
ObfDereferenceObject
DbgPrint
RtlInitUnicodeString
IoDriverObjectType
ObReferenceObjectByName
hal
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
tdi.sys
TdiDeregisterPnPHandlers
TdiRegisterPnPHandlers
ndis.sys
NdisQueryBufferSafe
NdisAllocatePacket
NDIS_BUFFER_TO_SPAN_PAGES
NdisFreePacket
NdisUnchainBufferAtFront
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisFreeBufferPool
NdisFreePacketPool
NdisQueryBufferOffset
NdisAllocateBuffer
NdisDeregisterProtocol
NdisInitUnicodeString
NdisRegisterProtocol
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 477B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 384B - Virtual size: 368B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ