Wdf01000.pdb
Static task: static1
General
Target: 17d00cea2eb90509ce073a28130d216b_JaffaCakes118
Size: 434KB
MD5: 17d00cea2eb90509ce073a28130d216b
SHA1: 311832507473e307c989838cb4538e7775861ad9
SHA256: 9af2bbaeea1cc943096c120bc38d883d364623875a8b6f62f4c26e441dc581ac
SHA512: 6514e4218a99a1af7fe50dcba5f7966090f4a74aea3dc29391daed2ed15c4905a99ba938c70ac3daf5ed81e1b6c2054b23159770e01826ba4b101bc46f872d14
SSDEEP: 12288:Uu7Watv2svKANakZJQI+iPZHUzWyCdMOHCciMPURkLh:VyaBHSef+orMOiACkLh
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 17d00cea2eb90509ce073a28130d216b_JaffaCakes118
Note: this check only tests for an embedded Authenticode signature (a non-empty Security data directory). Microsoft inbox drivers are normally catalog-signed rather than embedded-signed, so an empty Security directory on a file whose PDB name is Wdf01000.pdb does not by itself show tampering; confirm against the driver catalog on a Windows host (signtool verify /a, or Sysinternals sigcheck) before drawing that conclusion. Separately, the file is 32-bit (IMAGE_FILE_32BIT_MACHINE below), and 32-bit Windows does not enforce kernel-mode code signing the way x64 does, so a missing signature would not by itself stop the driver from loading there.
Files
File: 17d00cea2eb90509ce073a28130d216b_JaffaCakes118.sys
Tags: windows:6 windows x86 arch:x86 (a 32-bit kernel-mode driver; the PDB name Wdf01000.pdb, the WdfRegisterLibrary import from wdfldr.sys and the PAGEWdfV section are consistent with a build of the KMDF framework library Wdf01000.sys rather than a device-specific driver)
baf3b4383ddb0e818cdef67eda07461d
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
PDB Paths: Wdf01000.pdb
Imports (grouped by module below; the two wdfldr.sys imports are the KMDF loader interface that the framework library registers itself through, which matches the PDB name)
Imported from ntoskrnl.exe:
IoAllocateDriverObjectExtension
ZwSetValueKey
ZwCreateKey
ZwOpenKey
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwDeleteValueKey
IoGetDriverObjectExtension
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar
RtlCopyUnicodeString
ZwDeleteKey
ZwClose
DbgBreakPoint
KeInitializeEvent
KeInitializeSpinLock
ExDeleteNPagedLookasideList
IoGetDmaAdapter
ExInitializeNPagedLookasideList
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
_purecall
IoFreeMdl
MmUnlockPages
ObfDereferenceObject
IoGetAttachedDeviceReference
IoGetDeviceProperty
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeSetEvent
KeClearEvent
KeWaitForSingleObject
IofCallDriver
RtlCompareMemory
IoFreeIrp
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
IoAllocateIrp
ObfReferenceObject
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwCreateFile
_allmul
KeGetCurrentThread
KeInsertQueueDpc
KeInitializeDpc
IoReuseIrp
IoAcquireRemoveLockEx
IoInvalidateDeviceState
IoCreateSymbolicLink
IoRequestDeviceEject
IoWMIWriteEvent
IoWMIRegistrationControl
KeDelayExecutionThread
RtlQueryRegistryValues
strncmp
IoAllocateMdl
MmMapLockedPagesSpecifyCache
memset
MmBuildMdlForNonPagedPool
IoDeleteSymbolicLink
IoInitializeRemoveLockEx
IoIsWdmVersionAvailable
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoDetachDevice
IoReleaseRemoveLockEx
KeSetTimer
IoCancelIrp
KeCancelTimer
KeInitializeTimerEx
IoReleaseCancelSpinLock
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
IoFreeWorkItem
IoAllocateWorkItem
IoQueueWorkItem
IoInvalidateDeviceRelations
KeSetTimerEx
KeInitializeTimer
KdDebuggerNotPresent
KdDebuggerEnabled
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
ExDeletePagedLookasideList
ExInitializePagedLookasideList
KeRemoveQueueDpc
IoUnregisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoRegisterShutdownNotification
PoStartNextPowerIrp
KeQuerySystemTime
MmUnmapLockedPages
MmSizeOfMdl
IoBuildPartialMdl
MmProbeAndLockPages
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
PsGetVersion
MmGetSystemRoutineAddress
MmUnlockPagableImageSection
MmLockPagableSectionByHandle
MmLockPagableDataSection
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
MmIsDriverVerifying
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeSetImportanceDpc
ZwQueryValueKey
KeReadStateEvent
PoCallDriver
PoSetPowerState
IoGetStackLimits
IoReleaseRemoveLockAndWaitEx
KeSynchronizeExecution
IoConnectInterrupt
IoDisconnectInterrupt
ExCreateCallback
ExRegisterCallback
ExUnregisterCallback
PoRequestPowerIrp
KeQueryTimeIncrement
RtlUnwind
memcpy
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
DbgPrint
IoDeleteDevice
IoCreateDevice
memmove
IofCompleteRequest
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
KeNumberProcessors
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
KeSetTargetProcessorDpc
PsTerminateSystemThread
PsCreateSystemThread
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
KiBugCheckData
Imported from wdfldr.sys:
WdfRegisterLibrary
WdfLdrDiagnosticsValueByNameAsULONG
Imported from hal (hal.dll):
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
ExReleaseFastMutex
Sections (name, raw size / virtual size, characteristics as reported)
.text     341KB / 341KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata     36KB /  36KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data       5KB /   5KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
PAGEWdfV   12KB /  12KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
PAGE        6KB /   6KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
INIT        5KB /   4KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc       2KB /   1KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc     18KB /  17KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Note: every section, including the read-only data (.rdata), resource and relocation sections, is reported with both IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE set. Read-only data mapped writable and executable is unusual for a compiler-built Microsoft driver, and the identical flag set across all eight sections may reflect how the report renders characteristics rather than the file itself, so read the Characteristics field from the section headers directly before treating it as an indicator of patching. The PAGE and PAGEWdfV sections are pageable code (the MmLockPagableSectionByHandle / MmUnlockPagableImageSection imports above lock them as needed) and INIT holds initialisation code that is discarded after DriverEntry, which is the normal layout for a WDM/KMDF driver.
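As an added example (not part of the sandbox report, and not Microsoft's or the sandbox vendor's code), the following Python re-checks the two header-level findings above, the "Unsigned PE" signature and the section characteristics, directly from PE headers using only the standard library. The input is a constructed, headers-only PE32 image built in build_sample_pe() from the section names, sizes and flags the report lists; it is not the analysed sample, and the 0x1000-based RVAs, the 16-entry data directory and all function names are the example's own assumptions.

```python
"""Added example, not part of the sandbox report: re-check the report's
"Unsigned PE" finding and the section characteristics straight from the
PE headers (standard library only, no pefile).  build_sample_pe() creates
a constructed, headers-only PE32 image; it is not the analysed sample."""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table (embedded Authenticode)


def parse_pe(data: bytes) -> dict:
    """Parse DOS, COFF and optional headers plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image (no MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:              # PE32
        n_rva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:            # PE32+
        n_rva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_rva = struct.unpack_from("<I", data, n_rva_off)[0]
    sec_off = sec_size = 0
    if n_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The security entry is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsec):
        entry = table + 40 * i
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from("<IIIIIIHHI", data, entry + 8)
        sections.append({"name": name, "virtual_size": vsize,
                         "raw_size": rawsize, "characteristics": chars})
    return {"machine": machine, "file_characteristics": file_chars,
            "security_dir": (sec_off, sec_size), "sections": sections}


def audit(data: bytes) -> dict:
    """Summarise signature presence and section permissions for one image."""
    pe = parse_pe(data)
    wx = [s["name"] for s in pe["sections"]
          if s["characteristics"] & IMAGE_SCN_MEM_WRITE
          and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE]
    exec_data = [s["name"] for s in pe["sections"]
                 if s["characteristics"] & IMAGE_SCN_CNT_INITIALIZED_DATA
                 and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE]
    return {
        "is_32bit": bool(pe["file_characteristics"] & IMAGE_FILE_32BIT_MACHINE),
        # False both for unsigned files and for catalog-signed files: check the
        # catalog on a Windows host before calling a Microsoft driver tampered.
        "embedded_authenticode": pe["security_dir"][1] > 0,
        "writable_executable_sections": wx,
        "executable_data_sections": exec_data,
    }


def build_sample_pe(section_specs, security_size=0) -> bytes:
    """Constructed PE32 image: valid headers, no section bodies, no code."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    opt_size = 96 + 16 * 8                                 # PE32 + 16 data dirs
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0, security_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000 * (i + 1), rawsize,
                    0, 0, 0, 0, 0, chars)
        for i, (name, vsize, rawsize, chars) in enumerate(section_specs))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
# (name, virtual size, raw size, characteristics) as the report lists them.
REPORTED_SECTIONS = [
    (".text",    341 * 1024, 341 * 1024, IMAGE_SCN_CNT_CODE | RWX),
    (".rdata",    36 * 1024,  36 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | RWX),
    (".data",      5 * 1024,   5 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | RWX),
    ("PAGEWdfV",  12 * 1024,  12 * 1024, IMAGE_SCN_CNT_CODE | RWX),
    ("PAGE",       6 * 1024,   6 * 1024, IMAGE_SCN_CNT_CODE | RWX),
    ("INIT",       4 * 1024,   5 * 1024, IMAGE_SCN_CNT_CODE | RWX),
    (".rsrc",      1 * 1024,   2 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | RWX),
    (".reloc",    17 * 1024,  18 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | RWX),
]

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(REPORTED_SECTIONS)
    for key, value in audit(blob).items():
        print(f"{key}: {value}")
```

Run it with a path argument to audit a real driver; with no argument it audits the constructed image, which reproduces the report's picture (no embedded signature, all eight sections writable and executable, four data sections executable). The point of reading the Characteristics field yourself is to separate what the file says from what the report rendered; the point of the embedded_authenticode flag is that it answers only the narrow question the "Unsigned PE" signature asks, and a catalog check on Windows is still needed before a Microsoft-named driver is called unsigned.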