e:\mm\ndisdd\objfre_wxp_x86\i386\ndisdd.pdb (PDB path embedded in the binary; the `objfre_wxp_x86` directory follows the WDK build-environment naming for a free/release build targeting Windows XP x86, and the `ndisdd` stem is presumably the project's internal module name — useful as a pivot for hunting related builds, but trivially attacker-controlled)
Static task
static1
General
-
Target
2ef7d0d2da0b49fa4407e4e8ab3dd69a_JaffaCakes118
-
Size
35KB
-
MD5
2ef7d0d2da0b49fa4407e4e8ab3dd69a
-
SHA1
881ddc8e5e2828b8f12b6139ad01631ec9f4235a
-
SHA256
94d48e60fc0ce4d7b78d87855e0066264ad62a6e7771c45f55e29c181be80d74
-
SHA512
66fc9ecaf7aab30553e0df4c6483f8b228c78ed64ec6bc6d795c9f1004c26809b54eb4bcc1ce0801c32951ea6db7fb9f8be25b7e571d374cbb1c1281176e02f1
-
SSDEEP
384:zhzHlhaT3ep1ZOM6pPn0DfviG5PYiEnTxwYyCLVm638pitTwFtD4CgTOv8W:/haUfei1hYyCLVRIgE3Xv
Malware Config (no extracted configuration is shown in this report)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. Note (review): the PDB path indicates an x86 driver built for Windows XP, a platform that does not enforce kernel-mode code signing, so the absence of a signature would not have prevented this .sys from loading and is weak evidence on its own; the import table below is the stronger signal.
resource 2ef7d0d2da0b49fa4407e4e8ab3dd69a_JaffaCakes118
Files
-
2ef7d0d2da0b49fa4407e4e8ab3dd69a_JaffaCakes118.sys windows:5 windows x86 arch:x86 (the `windows:5` tag is presumably the PE's required OS major version 5, i.e. the XP/2003 family, consistent with the PDB build path)
aedbccb7dfac0a07ffa16a7469b3ae01 (unlabelled 32-hex digest; in this report layout it is presumably the import hash / imphash — verify against the report's field label before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the extracted value was rendered at the top of this page: e:\mm\ndisdd\objfre_wxp_x86\i386\ndisdd.pdb)
Imports
ntoskrnl.exe — note (review): three groupings in this import set are worth triaging together. KeStackAttachProcess/KeUnstackDetachProcess plus IoAllocateMdl/MmProbeAndLockPages/MmMapLockedPagesSpecifyCache plus KeInitializeApc/KeInsertQueueApc is the API combination commonly used to map a buffer into another process and queue an APC there (kernel-to-user code injection); confirm by locating the APC routine and the target-process selection logic. ZwCreateFile/ZwReadFile/ZwWriteFile/ZwQueryDirectoryFile/ZwSetInformationFile give file enumeration and modification, and ZwOpenKey/ZwQueryValueKey/ZwEnumerateKey give registry reads. PsCreateSystemThread with KeDelayExecutionThread and the semaphore/event primitives is consistent with a long-running worker thread; DbgPrint and _snprintf suggest debug strings that may remain recoverable in .rdata.
KeResetEvent
wcstombs
ZwQueryDirectoryFile
ZwOpenFile
mbstowcs
_snprintf
ZwSetInformationFile
ExFreePoolWithTag
wcslen
ZwWriteFile
ZwCreateFile
ZwReadFile
ZwQueryInformationFile
atol
strchr
wcsncmp
ObfDereferenceObject
IoGetDeviceObjectPointer
strstr
strrchr
_stricmp
IoGetCurrentProcess
KeInsertQueueApc
ZwClose
KeUnstackDetachProcess
MmUnlockPages
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
ZwQueryValueKey
ZwOpenKey
wcscat
wcscpy
wcsncpy
ZwEnumerateKey
NtBuildNumber
wcscmp
strncpy
rand
KeReleaseSemaphore
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeTickCount
KeBugCheckEx
KeInitializeSemaphore
IoAllocateWorkItem
_except_handler3
KeWaitForSingleObject
ExFreePool
IoQueueWorkItem
IoCreateDevice
IoCreateSymbolicLink
ExAllocatePoolWithTag
KeInitializeEvent
PsCreateSystemThread
PsTerminateSystemThread
RtlCompareUnicodeString
DbgPrint
IofCompleteRequest
RtlInitUnicodeString
KeSetEvent
IoDeleteSymbolicLink
IoDeleteDevice
KeInitializeApc
KeDelayExecutionThread
hal
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ndis.sys — note (review): NdisRegisterProtocol together with NdisTransferData (receive) and NdisSendPackets (send) means the driver binds as an NDIS protocol driver below the host TCP/IP stack, so it can observe and emit raw frames without traversing host-based firewall or socket-level controls; which adapters it binds and what it does with received packets should be confirmed by inspecting the registered protocol characteristics handlers.
NdisAllocatePacket
NdisRegisterProtocol
NdisDeregisterProtocol
NdisTransferData
NdisAllocateMemoryWithTag
NdisAllocateBuffer
NdisUnchainBufferAtFront
NdisFreeBuffer
NdisFreePacket
NdisQueryBufferSafe
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisAllocateBufferPool
NdisAllocatePacketPool
NdisFreeMemory
NdisSendPackets
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 768B - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB (a writable, executable, discardable INIT section is the standard WDK layout for driver initialization code such as DriverEntry and is not an anomaly by itself)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ