PDB path: f:\checkpoints\tpdrv\do_not_release_v10_1_8\kernel\winnt\synwdf\objfre_wnet_AMD64\amd64\SynTP.pdb
Static task
static1
General
Target: 3087a840a97c80231d78767ae09bde10_JaffaCakes118
Size: 306KB
MD5: 3087a840a97c80231d78767ae09bde10
SHA1: 9cb5eaeaf100e647efa82577b72d519b00b87ce5
SHA256: 40209dd150e8c1ddeb618dd1b4520bc2eb76b1c7c77d59860aad859d29dcdfe1
SHA512: 61d93dcb0323efeb53d6fe9ddb26ca7dad90a2c62c863bddb51cec1f724f3ae1a7a21742d463113ef2604ad855981782bb496ca3d2bed0325e7d3ccdc487a5e2
SSDEEP: 6144:ctGfpI23VYpE1Sde2gL6z+4hlRtUckzJz3+YrjWyflOp/6k3:cI6R+4hlRtUiYrK4m/6k
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 3087a840a97c80231d78767ae09bde10_JaffaCakes118
Files
3087a840a97c80231d78767ae09bde10_JaffaCakes118.sys windows:5 windows x64 arch:x64
74cd829c0947560ec9394f35e177a4c9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
ObfDereferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
IoStartNextPacket
PoUnregisterSystemState
PoRegisterSystemState
IoReleaseRemoveLockEx
IofCompleteRequest
PoStartNextPowerIrp
IoAcquireRemoveLockEx
IofCallDriver
IoReleaseRemoveLockAndWaitEx
PoSetPowerState
PoCallDriver
IoCancelIrp
IoReleaseCancelSpinLock
IoFreeIrp
IoRegisterShutdownNotification
RtlQueryRegistryValues
RtlCreateRegistryKey
RtlCheckRegistryKey
KeInitializeEvent
KeInitializeMutex
KeReleaseMutex
KeReleaseSpinLock
KeClearEvent
KeAcquireSpinLockRaiseToDpc
KeWaitForSingleObject
KeSetEvent
IoBuildSynchronousFsdRequest
IoInitializeIrp
IoFreeWorkItem
IoAllocateIrp
IoQueueWorkItem
IoAllocateWorkItem
IoCreateSynchronizationEvent
ZwClose
IoIsWdmVersionAvailable
ObReferenceObjectByHandle
ExEventObjectType
IoDetachDevice
IoAttachDeviceToDeviceStack
wcsstr
IoRegisterPlugPlayNotification
towlower
ZwEnumerateValueKey
ZwOpenKey
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeSynchronizeExecution
KeInitializeDpc
KeInsertQueueDpc
ExFreePoolWithTag
__C_specific_handler
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapLockedPages
PoRequestPowerIrp
swprintf
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
IoCreateNotificationEvent
ExQueueWorkItem
KeSetTimer
KeCancelTimer
KeInitializeTimer
KeSetTimerEx
KeDelayExecutionThread
IoBuildDeviceIoControlRequest
RtlCopyUnicodeString
ExAllocatePoolWithTag
RtlIntegerToUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlAppendUnicodeStringToString
ZwCreateFile
ZwWriteFile
KeBugCheckEx
IoCreateDevice
RtlWriteRegistryValue
IoCreateSymbolicLink
IoInitializeRemoveLockEx
sprintf
KeQueryTimeIncrement
IoUnregisterPlugPlayNotification
_purecall
hal
KeStallExecutionProcessor
KeQueryPerformanceCounter
usbd.sys
USBD_ParseConfigurationDescriptorEx
wdfldr.sys
WdfVersionUnbind
WdfVersionBind
Sections
.text Size: 249KB - Virtual size: 248KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 12KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.CRT Size: 512B - Virtual size: 64B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 928B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ