netbt.pdb
Static task: static1

General
Target: 055f25ad3ea978f536bfc774e2feabd9_JaffaCakes118
Size: 180KB
MD5: 055f25ad3ea978f536bfc774e2feabd9
SHA1: c659b8aa85a874094cf0a118f324ba8753ad8cf8
SHA256: 94b18879c9e4cb2a0ee937e334bfecf939e40ead9a044a965f9b60fd99d2c71e
SHA512: 90e5cac69efd7e41f8eaac02731893be08543c9aa9d3cd6167667778c65986d7aaa280afcfe4b12a51af3d916d8ad80896e835e75a967674b6a47b5bb461fe0c
SSDEEP: 3072:qOk8MpqAu7Z7AIWQfy/wY+N6nwBMUfgnZEeZPn0thbeeFPoYGBOdX:qO4u7FAUjYxeqZEEPSBjLc2
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 055f25ad3ea978f536bfc774e2feabd9_JaffaCakes118

Files
055f25ad3ea978f536bfc774e2feabd9_JaffaCakes118.sys  windows:6 windows x86 arch:x86
25a1aa21c89ad6c804808de1357fe256
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: netbt.pdb

Imports
ntoskrnl.exe:
IoFreeIrp
IofCompleteRequest
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlOemStringToUnicodeString
RtlInitString
MmMapLockedPagesSpecifyCache
RtlAppendStringToString
RtlInitAnsiString
strchr
ExDeleteNPagedLookasideList
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
KeCancelTimer
ZwClose
ZwCancelTimer
ZwSetTimer
ZwCreateTimer
_aulldiv
_allmul
IofCallDriver
IoBuildDeviceIoControlRequest
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
KeSetTimer
KeInitializeDpc
KeInitializeTimer
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IoDeleteDevice
KeDelayExecutionThread
KeClearEvent
ExDeleteResourceLite
IoGetRelatedDeviceObject
RtlCopyUnicodeString
memchr
ZwReadFile
KeEnterCriticalRegion
RtlFreeUnicodeString
ZwCreateFile
IoAllocateIrp
SeAssignSecurity
IoSetShareAccess
IoCheckShareAccess
SeAccessCheck
ObReferenceObjectByHandle
NtWaitForSingleObject
ZwDeviceIoControlFile
ZwCreateEvent
ZwCreateKey
ExfInterlockedPushEntryList
ExQueueWorkItem
IoFreeWorkItem
IoCancelIrp
IoFileObjectType
MmUserProbeAddress
IoQueueWorkItem
IoAllocateWorkItem
KeInsertQueueDpc
RtlCompareUnicodeString
_vsnprintf
RtlExtendedMagicDivide
MmBuildMdlForNonPagedPool
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlGUIDFromString
RtlIpv4AddressToStringW
RtlAppendUnicodeToString
ZwOpenKey
ZwQueryValueKey
memmove
IoBuildPartialMdl
MmUnmapLockedPages
MmLockPagableDataSection
KeTickCount
KeBugCheckEx
RtlUnwind
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
strncmp
memset
memcpy
RtlIpv4StringToAddressA
SeDeassignSecurity
_alldiv
RtlGetCallersAddress
RtlExtendedLargeIntegerDivide
KeInitializeSemaphore
IoAllocateMdl
ExfInterlockedInsertHeadList
PsGetCurrentProcess
KeAttachProcess
KeDetachProcess
ExfInterlockedInsertTailList
ObfDereferenceObject
IoFreeMdl
KeWaitForSingleObject
KeResetEvent
KeSetEvent
_stricmp
KeGetCurrentThread
ExSystemTimeToLocalTime
KeInitializeEvent
ExInitializeResourceLite
strrchr
RtlCompareMemory
RtlGetVersion
KeQuerySystemTime
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoAcquireCancelSpinLock
IoRemoveShareAccess
IoReleaseCancelSpinLock
ExAllocatePoolWithTag
ZwQueryInformationFile
ExFreePoolWithTag
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwSetValueKey
hal:
KfAcquireSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KfReleaseSpinLock
tdi.sys:
TdiEnumerateAddresses
TdiPnPPowerComplete
TdiDeregisterNetAddress
TdiDeregisterDeviceObject
TdiRegisterDeviceObject
TdiRegisterNetAddress
TdiProviderReady
TdiInitialize
TdiRegisterProvider
TdiRegisterPnPHandlers
TdiMapUserRequest
TdiDeregisterPnPHandlers
TdiDeregisterProvider
TdiDefaultRcvExpeditedHandler
TdiDefaultConnectHandler
TdiDefaultDisconnectHandler
TdiDefaultErrorHandler
TdiDefaultReceiveHandler
TdiDefaultSendPossibleHandler
TdiCopyMdlToBuffer
TdiCopyBufferToMdl
TdiDefaultRcvDatagramHandler
TdiBuildNetbiosAddress
TdiPnPPowerRequest
netio.sys:
NsiAllocateAndGetTable
NsiFreeTable
NsiSetAllParameters
NsiGetAllParameters
NsiGetParameter
ndis.sys:
NdisGetThreadObjectCompartmentId
NdisSetThreadObjectCompartmentId
Sections
Name      Size    Virtual size  Characteristics
.text     120KB   120KB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata    2KB     2KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data     1024B   3KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PAGE      35KB    35KB          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
PAGENBT   2KB     1KB           IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT      7KB     6KB           IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc     1024B   1008B         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.reloc    9KB     9KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ