G:\Work.SVN\dlxp_windrv_3.5\RDLCLNDRV\disk\objfre_wxp_x86\i386\richdisk.pdb
Static task
static1
General
-
Target
3e955e9786fd210cbcdea73286e65bea_JaffaCakes118
-
Size
40KB
-
MD5
3e955e9786fd210cbcdea73286e65bea
-
SHA1
885cdf56d51eed3fd4d3a513397294aff8dc78d4
-
SHA256
dd0b60b4a4e1a28cc50a7b46ccf6b4e12109b498447f29b41fecbae9e015e4a3
-
SHA512
7d651ed9a410032692d7c7b087b383aa5882a471b41e0117cc9c38013eee135dc287c571a2f6034a8cd91a0bc1a1b450ae754ea5e2743d9b81eda9046fd70cd6
-
SSDEEP
768:v2hf6j5dVlMHV9X8bC9wYaC2uKZJ+Elqr/+Zt:uhTHVNmQ2Dqr/s
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Static check: no Authenticode signature was found in the PE file.
resource 3e955e9786fd210cbcdea73286e65bea_JaffaCakes118
Files
-
3e955e9786fd210cbcdea73286e65bea_JaffaCakes118.sys windows:5 windows x86 arch:x86
36bcba216e49665c24b91a18d6fbfc2a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
G:\Work.SVN\dlxp_windrv_3.5\RDLCLNDRV\disk\objfre_wxp_x86\i386\richdisk.pdb
Imports
ntoskrnl.exe
IoCreateSymbolicLink
_wcsnicmp
DbgPrint
KeSetEvent
KeWaitForSingleObject
KeQuerySystemTime
ZwSetValueKey
KeDelayExecutionThread
KeSetPriorityThread
KeGetCurrentThread
ExfInterlockedInsertTailList
MmMapIoSpace
ZwCreateFile
_allmul
_alldiv
ExfInterlockedRemoveHeadList
PsCreateSystemThread
memmove
_allshl
KeTickCount
KeReleaseMutex
strstr
strrchr
ZwQuerySystemInformation
KeInitializeDpc
KeInitializeSpinLock
KeServiceDescriptorTable
memset
MmUnmapIoSpace
MmGetPhysicalMemoryRanges
MmFreePagesFromMdl
MmAllocatePagesForMdl
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
ObfDereferenceObject
IofCallDriver
wcscpy
wcslen
ZwCreateSymbolicLinkObject
isspace
isdigit
RtlFreeUnicodeString
IoCancelIrp
ObReferenceObjectByHandle
IoFreeIrp
IoAllocateIrp
IoGetRelatedDeviceObject
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
_except_handler3
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_stricmp
KeInitializeMutex
RtlCopyUnicodeString
RtlInitUnicodeString
ZwOpenKey
ZwClose
KeInsertQueueDpc
KeInitializeEvent
ZwQueryValueKey
ExAllocatePoolWithTag
ExFreePoolWithTag
hal
KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
tdi.sys
TdiRegisterPnPHandlers
scsiport.sys
ScsiPortInitialize
ScsiPortNotification
richndis.sys
UDPSendDgram
UDPRecvDgram
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ