Static task
static1
General
Target: 234c485ed6f2116267a9e1b533891f7a_JaffaCakes118
Size: 41KB
MD5: 234c485ed6f2116267a9e1b533891f7a
SHA1: 3338cf7e05b106875a251b1fee26744918ff3902
SHA256: 6a9f7d74a66248ba440f83e85cf3a1b731907623c400e624e254463909964171
SHA512: a4b04303bb49b234199a572a95de766642bc0e232e9df9919d75fbfefd2683ccdc1df0684c18095e290d6511fc880e21186d2cc76de80a5d82994747c14e0863
SSDEEP: 768:AsY36WWNmX//EI8GZ3w/H4uN/6sNWdMl0GBkgTBfysmSDtnjYMLVMYBLvAtDA:TYhWNmX//EI8sSNNl0G7fLmiBB7oDA
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The check inspects only the PE's embedded security directory; a driver signed through a catalog (.cat) file carries no embedded signature and is reported the same way, so confirm against the catalog store before treating this as proof that the driver was never signed.
resource 234c485ed6f2116267a9e1b533891f7a_JaffaCakes118
Files
234c485ed6f2116267a9e1b533891f7a_JaffaCakes118.sys windows:5 windows x86 arch:x86
dbc9da2796fff07d86b1c390a8cdfbf3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\fopn3\BIN\i386\fsflt.pdb
Imports
ntoskrnl.exe
ExQueueWorkItem
KeSetEvent
IoAttachDeviceToDeviceStack
DbgPrint
KeDelayExecutionThread
RtlCopyUnicodeString
ObQueryNameString
ObfDereferenceObject
ExFreePoolWithTag
ExAllocatePoolWithTag
ObfReferenceObject
ZwClose
ZwQueryValueKey
ZwOpenKey
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
RtlEqualUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDetachDevice
IoCreateDevice
_except_handler3
IoGetDeviceObjectPointer
IoRegisterFsRegistrationChange
PsSetLoadImageNotifyRoutine
IoCreateSymbolicLink
IofCallDriver
PsSetCreateProcessNotifyRoutine
KeInitializeMutex
ExInitializeResourceLite
KeServiceDescriptorTable
KePulseEvent
IoGetRequestorProcessId
wcslen
PsGetCurrentProcessId
IoCancelFileOpen
ObReferenceObjectByHandle
ZwOpenFile
ZwCreateFile
KeReleaseMutex
ZwEnumerateValueKey
ZwCreateKey
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
PsCreateSystemThread
KeQuerySystemTime
wcsstr
KeWaitForMultipleObjects
IoQueryFileInformation
RtlUpcaseUnicodeChar
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
PsGetVersion
RtlInitUnicodeString
IoRegisterShutdownNotification
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFreeUnicodeString
hal
ExReleaseFastMutex
KeGetCurrentIrql
ExAcquireFastMutex
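For a kernel driver the import table is the most telling part of a static report: the combination of APIs says what the code can do before it is ever loaded. The script below is an added example, not the sandbox's own detection logic; the rule names and the grouping of APIs into capabilities are the editor's. Its embedded import list is a subset copied from the report above, and a minifilter rule (FltRegisterFilter, FltStartFiltering from fltmgr.sys) is included deliberately so the contrast between a legacy filter and a minifilter is visible in the output.

```python
"""Capability triage over a kernel driver's import table.

Added example for this report, not the sandbox's own logic: the rules and
their names are the editor's. A rule fires when every import in `all_of`
is present; `any_of` names are supporting evidence listed when seen.
"""

# Subset of the ntoskrnl.exe imports listed in the report above.
REPORT_IMPORTS = [
    "IoRegisterFsRegistrationChange", "IoAttachDeviceToDeviceStack",
    "IoDetachDevice", "IoGetDeviceObjectPointer", "IofCallDriver",
    "IoCancelFileOpen", "PsSetCreateProcessNotifyRoutine",
    "PsSetLoadImageNotifyRoutine", "PsGetCurrentProcessId",
    "IoGetRequestorProcessId", "KeServiceDescriptorTable",
    "MmGetSystemRoutineAddress", "PsGetVersion", "ZwOpenKey", "ZwQueryValueKey",
    "ZwCreateKey", "ZwSetValueKey", "ZwDeleteKey", "ZwDeleteValueKey",
    "ZwEnumerateValueKey", "ZwSetSecurityObject", "RtlCreateSecurityDescriptor",
    "RtlAddAccessAllowedAce", "RtlSetDaclSecurityDescriptor",
    "IoDeviceObjectType", "ObOpenObjectByPointer", "IoCreateDevice",
    "IoCreateSymbolicLink", "IofCompleteRequest", "IoRegisterShutdownNotification",
    "PsCreateSystemThread", "ExAllocatePoolWithTag", "DbgPrint",
]

RULES = {
    # Legacy (pre-minifilter) filter: waits for file systems to register and
    # attaches its own device object on top of their device stacks.
    "legacy file system filter": {
        "all_of": {"IoRegisterFsRegistrationChange",
                   "IoAttachDeviceToDeviceStack", "IoDetachDevice"},
        "any_of": {"IoGetDeviceObjectPointer", "IofCallDriver", "IoCancelFileOpen"},
    },
    # A minifilter would register with fltmgr.sys instead; not present here.
    "minifilter (fltmgr.sys)": {
        "all_of": {"FltRegisterFilter", "FltStartFiltering"},
        "any_of": set(),
    },
    "process and image-load callbacks": {
        "all_of": {"PsSetCreateProcessNotifyRoutine", "PsSetLoadImageNotifyRoutine"},
        "any_of": {"PsGetCurrentProcessId", "IoGetRequestorProcessId"},
    },
    # KeServiceDescriptorTable is ntoskrnl's exported pointer to the x86 SSDT;
    # a filter driver rarely needs it, so its presence deserves a closer look.
    "direct SSDT reference": {
        "all_of": {"KeServiceDescriptorTable"},
        "any_of": {"MmGetSystemRoutineAddress", "PsGetVersion"},
    },
    "registry write from kernel": {
        "all_of": {"ZwOpenKey", "ZwSetValueKey"},
        "any_of": {"ZwCreateKey", "ZwDeleteKey", "ZwDeleteValueKey",
                   "ZwEnumerateValueKey", "ZwQueryValueKey"},
    },
    "builds and applies a DACL to a kernel object": {
        "all_of": {"ZwSetSecurityObject", "RtlCreateSecurityDescriptor",
                   "RtlAddAccessAllowedAce"},
        "any_of": {"RtlSetDaclSecurityDescriptor", "IoDeviceObjectType",
                   "ObOpenObjectByPointer"},
    },
    "user-mode control interface (device + symbolic link)": {
        "all_of": {"IoCreateDevice", "IoCreateSymbolicLink"},
        "any_of": {"IofCompleteRequest"},
    },
}


def match_rules(imports, rules=RULES):
    """Return {rule: {"required": [...], "supporting": [...]}} for rules that fire."""
    present = set(imports)
    hits = {}
    for name, rule in rules.items():
        if rule["all_of"] <= present:
            hits[name] = {"required": sorted(rule["all_of"]),
                          "supporting": sorted(rule["any_of"] & present)}
    return hits


def missing_for(imports, rule_name, rules=RULES):
    """Required imports a rule still lacks: explains why it did not fire."""
    return sorted(rules[rule_name]["all_of"] - set(imports))


if __name__ == "__main__":
    for rule, ev in match_rules(REPORT_IMPORTS).items():
        extra = f" (+ {', '.join(ev['supporting'])})" if ev["supporting"] else ""
        print(f"[+] {rule}: {', '.join(ev['required'])}{extra}")
    print("[-] minifilter not indicated, missing:",
          ", ".join(missing_for(REPORT_IMPORTS, "minifilter (fltmgr.sys)")))
```

Run against the report's imports, every rule except the minifilter one fires, which is consistent with the fsflt.pdb name and the absence of any fltmgr.sys import. The SSDT rule is the one to follow up in a disassembler: the import alone does not show whether the table is read or written.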
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 896B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
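The header facts above, the section table, and the Unsigned PE signature earlier in the report all come from a handful of fixed offsets in the PE headers. The parser below is an added example, not the sandbox's code: it reads a PE32 image's file characteristics, the security data directory that would point at an embedded Authenticode blob, and each section's sizes and flags. Because the sample itself cannot be embedded here, build_sample() constructs a header-only PE32 whose values mirror what the report lists (machine 0x14C, characteristics 0x010E, the seven sections with their flags); it is constructed test input, not the sample, and the certificate offset used for the "signed" variant is fictional.

```python
"""Read the PE header facts a static report lists: file characteristics,
embedded Authenticode presence, and section sizes and flags.

Added example for this report, not the sandbox's code. Only PE32 (x86)
is handled, which is what the report's sample is.
"""
import struct

FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory index of the certificate table


def decode_flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return machine, decoded characteristics, Authenticode presence, sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    fh = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    machine, nsects, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                      # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled here")
    (num_dirs,) = struct.unpack_from("<I", data, opt + 92)
    cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The security entry holds a file offset (not an RVA) and the size of the
        # WIN_CERTIFICATE blob; zero size means no embedded Authenticode signature.
        _off, cert_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsects):
        sh = opt + opt_size + 40 * i                   # IMAGE_SECTION_HEADER
        name = data[sh:sh + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from("<IIII", data, sh + 8)
        (flags,) = struct.unpack_from("<I", data, sh + 36)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "flags": decode_flags(flags, SECTION_CHARACTERISTICS)})
    return {"machine": machine, "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
            "has_authenticode": cert_size != 0, "sections": sections}


def static_signatures(parsed):
    """The report's Unsigned PE check, plus a note for every W+X section."""
    hits = []
    if not parsed["has_authenticode"]:
        hits.append("Unsigned PE: no embedded Authenticode signature (catalog signing not visible)")
    for s in parsed["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            hits.append(f"writable and executable section: {s['name']}")
    return hits


def build_sample(signed=False):
    """Constructed header-only PE32 mirroring the report's values (not the sample)."""
    sections = [  # (name, virtual size, raw size, characteristics)
        (b".text", 17 * 1024, 17 * 1024, 0x60000020),
        (b".rdata", 2 * 1024, 2 * 1024, 0x40000040),
        (b".data", 1024, 1024, 0xC0000040),
        (b"PAGE", 10 * 1024, 10 * 1024, 0x60000020),
        (b"INIT", 4 * 1024, 4 * 1024, 0xE2000020),
        (b".rsrc", 872, 896, 0x42000040),
        (b".reloc", 2 * 1024, 2 * 1024, 0x42000040),
    ]
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x010E)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    if signed:  # fictional certificate offset/size, just to exercise the check
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0xA000, 0x1A0)
    hdrs = bytearray()
    for name, vsize, rsize, flags in sections:
        sh = bytearray(40)
        sh[:len(name)] = name
        struct.pack_into("<IIII", sh, 8, vsize, 0x1000, rsize, 0x400)
        struct.pack_into("<I", sh, 36, flags)
        hdrs += sh
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + bytes(hdrs)


if __name__ == "__main__":
    info = parse_pe(build_sample())
    print("Characteristics:", ", ".join(info["characteristics"]))
    for s in info["sections"]:
        print(f"{s['name']:<7} raw {s['raw_size']:>6} virt {s['virtual_size']:>6}  "
              + " | ".join(s["flags"]))
    for hit in static_signatures(info):
        print("[!]", hit)
```

Two readings of the output matter in practice. First, has_authenticode is only about the embedded certificate table, which is exactly what the report's Unsigned PE signature means and nothing more. Second, the parser flags INIT as writable and executable; for a driver built with the classic WDK that is the linker's normal layout for discardable initialisation code such as DriverEntry, so on its own it is context for the analyst rather than an indicator.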