C:\progz\NewWork\driver\objfre\i386\driver.pdb
Static task
static1
General
-
Target
294766adae282d2037765eb962e4e43e_JaffaCakes118
-
Size
19KB
-
MD5
294766adae282d2037765eb962e4e43e
-
SHA1
9cbcda7e28ad0399d91ebf20d3933de6e7b0e958
-
SHA256
f424043414503ec5d0ba9c6142b467e09b8c1adb42174abef3cf53e28d214a4f
-
SHA512
09a098de6e293e4e375dbb9d370f5da83299d1c1bd64332271314cc6dd2133b8101e54b0d81333b0eb09c1959ddd4abc8c84c64cc0565e551ba8c097238aa396
-
SSDEEP
192:mRTYJhM36U0kwUKRk1qQQVJvukzRHHWLfqedjFZWWGZwnLT55aAcLF8n+3gOBTpa:eAy3BLwgILzdHWRAQT5ZI3B9/rnhj/y
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 294766adae282d2037765eb962e4e43e_JaffaCakes118
Files
-
294766adae282d2037765eb962e4e43e_JaffaCakes118.sys windows:5 windows x86 arch:x86
494b33fda1de40db39d9112fe9c211dc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
_wcslwr
wcsncpy
PsGetCurrentProcessId
wcscpy
_stricmp
ZwQuerySystemInformation
_wcsnicmp
_strnicmp
IoGetCurrentProcess
strncpy
ZwDeleteKey
ZwEnumerateKey
ZwOpenKey
IoGetRelatedDeviceObject
ZwCreateFile
ZwReadFile
ZwQueryInformationFile
KeReleaseMutex
KeWaitForSingleObject
KeInitializeEvent
KeInsertQueueApc
KeInitializeApc
KeClearEvent
ObfDereferenceObject
PsLookupThreadByThreadId
IoFreeMdl
KeDetachProcess
MmMapLockedPages
KeAttachProcess
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
NtSetInformationProcess
ObReferenceObjectByHandle
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
KeInitializeMutex
wcstombs
IofCompleteRequest
wcsstr
KeGetCurrentThread
KeSetEvent
KeServiceDescriptorTable
MmProbeAndLockPages
ObfReferenceObject
SeDeleteAccessState
RtlCopyUnicodeString
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCreateAccessState
ObCreateObject
IoFileObjectType
IoFreeIrp
IoAllocateIrp
ZwOpenFile
IoReuseIrp
IoGetDeviceObjectPointer
ProbeForWrite
MmUnlockPages
IoCancelIrp
IofCallDriver
_allmul
KeUnstackDetachProcess
KeStackAttachProcess
_except_handler3
PsCreateSystemThread
ZwOpenEvent
ZwCreateEvent
KeDelayExecutionThread
PsTerminateSystemThread
ZwOpenSection
ZwMapViewOfSection
ExAllocatePoolWithTag
swprintf
ExFreePoolWithTag
ZwUnmapViewOfSection
RtlInitUnicodeString
ZwCreateKey
wcslen
ZwSetValueKey
ZwClose
ProbeForRead
wcschr
hal
ExReleaseFastMutex
ExAcquireFastMutex
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640B - Virtual size: 531B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ