PDB path (from the PE debug information): d:\programs\siberia2\innerdrv\objfre_wxp_x86\i386\InnerDrv.pdb
Static task
static1
General
-
Target
086a082e1bca733aad204df988eb6ebd_JaffaCakes118
-
Size
26KB
-
MD5
086a082e1bca733aad204df988eb6ebd
-
SHA1
2015c095b99ea6ddeb1d29be2009fb46d12fdc87
-
SHA256
45d45b47686dead4f4b6ea3ae08caee366bb585855debf8ddaf7fb7c0f4db7c5
-
SHA512
5a933767baea0fe3296d2bcc3951589cda5b9c9159545ce22a0d0f47461eb43f395d8b92acab46763fe5023e3497cc02faf71977aa0bd70897cfc81df571178e
-
SSDEEP
384:YVLt7/i+u9veZVsOHiplBFw+0kARfIFs+Oy9wryGcgyE6CL:QJ2+u9vqPoXhpARgvOlN6
Malware Config
Signatures
-
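Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The sample is a 32-bit (x86) kernel driver, and 32-bit Windows does not apply the mandatory kernel-mode signing policy that x64 does, so the missing signature alone is a weak indicator here.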
resource 086a082e1bca733aad204df988eb6ebd_JaffaCakes118
Files
-
086a082e1bca733aad204df988eb6ebd_JaffaCakes118.sys windows:6 windows x86 arch:x86
601665784f4dff2dbee1739ae09ceb14
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\programs\siberia2\innerdrv\objfre_wxp_x86\i386\InnerDrv.pdb
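Imports
Static import table only: it shows which kernel routines the driver links against, not what it was observed doing. Worth noting for triage are the notification callbacks (PsSetCreateProcessNotifyRoutine, CmRegisterCallback, IoRegisterFsRegistrationChange) and the process-attach, memory-allocation and APC routines (KeStackAttachProcess, ZwAllocateVirtualMemory, KeInitializeApc, KeInsertQueueApc).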
ntoskrnl.exe
_aullshr
_aullrem
RtlAppendUnicodeStringToString
wcslen
memset
ObfDereferenceObject
strcmp
PsLookupProcessByProcessId
PsTerminateSystemThread
KeDelayExecutionThread
ZwClose
PsCreateSystemThread
wcsncpy
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
wcsncat
wcscpy
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ZwWriteFile
ZwCreateFile
IoRegisterFsRegistrationChange
KeInitializeMutex
ObReferenceObjectByName
IoDriverObjectType
RtlAppendUnicodeToString
ZwQueryDirectoryObject
ZwOpenDirectoryObject
KeReleaseMutex
KeWaitForSingleObject
memcpy
ExAllocatePoolWithTag
ExFreePoolWithTag
MmIsAddressValid
CmRegisterCallback
ExInitializeResourceLite
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
RtlCopyUnicodeString
RtlCompareUnicodeString
ExAcquireResourceSharedLite
ObQueryNameString
ZwEnumerateValueKey
ExQueueWorkItem
ZwSetValueKey
ZwCreateKey
ZwQuerySystemInformation
PsLookupThreadByThreadId
wcscmp
KeUnstackDetachProcess
KeStackAttachProcess
ZwAllocateVirtualMemory
ZwOpenProcess
KeInsertQueueApc
KeInitializeApc
NtBuildNumber
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 371B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 896B - Virtual size: 818B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ