J:\T3\tndriver\driver\objfre_wxp_x86\i386\core.pdb
Static task
static1
General
-
Target
15a9b5d8f6b8f0b1b4099e45d87da938_JaffaCakes118
-
Size
70KB
-
MD5
15a9b5d8f6b8f0b1b4099e45d87da938
-
SHA1
641ae0790819b76755a379feccb8330214e81f6a
-
SHA256
0fb680e690991a834bb3bcfb08d59d74ff35f9367ba672f64a8f44248fa45a73
-
SHA512
fac234c38c290267f54550777f0dd38b509327cd8a9583d13d28ff776174c737ee8365ef6390106eebf4f551f2f7dbb36eab98c56abacf3b3c41f468d55ee58a
-
SSDEEP
1536:nk2kT7QFIOFkKdbuprsntGWL1U0ggUQKNWQoVX/6aX:nkn7QPld6pEIW5U+m9Ovb
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 15a9b5d8f6b8f0b1b4099e45d87da938_JaffaCakes118
Files
-
15a9b5d8f6b8f0b1b4099e45d87da938_JaffaCakes118.sys windows:5 windows x86 arch:x86
f1938e4449d903b28414cce64a9f7321
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeWaitForSingleObject
KeReleaseMutex
ZwLoadKey
ZwReplaceKey
ZwRestoreKey
ZwDeleteValueKey
ZwDeleteKey
ZwSetValueKey
ZwClose
ZwOpenKey
ZwCreateKey
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
RtlNtStatusToDosError
ZwDeleteFile
ZwCreateFile
ZwSetInformationFile
KeInitializeMutex
KeServiceDescriptorTable
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ZwWriteFile
ZwReadFile
IoCreateFile
ObfDereferenceObject
ZwQueryInformationProcess
RtlCompareUnicodeString
ObOpenObjectByPointer
PsLookupProcessByProcessId
_strnicmp
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
KeQuerySystemTime
RtlUnicodeStringToAnsiString
_alldiv
strstr
ZwQueryKey
PsGetVersion
MmGetSystemRoutineAddress
_except_handler3
IoFreeMdl
MmUnlockPages
KeInsertQueueApc
KeInitializeApc
RtlRandom
KeUnstackDetachProcess
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
IoAllocateMdl
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
ZwQueryValueKey
ZwQueryInformationFile
ZwEnumerateValueKey
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TnRunExe Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 896B - Virtual size: 887B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ