PDB path: d:\工作\ppc压力测试\driver\objfre_wnet_x86\i386\passthru.pdb
General
-
Target
418bf6cb19c108f4cb65f3ec6cc86b34_JaffaCakes118
-
Size
29KB
-
MD5
418bf6cb19c108f4cb65f3ec6cc86b34
-
SHA1
7483e55f758208f61efc03b56a8895188f6f6a02
-
SHA256
8a33d4b3bf32be5b1b6bcacb14abb3ee2f1d445d2a719fed5469ca55e3ce46d8
-
SHA512
f05fff2cf62011d6716b90c3b956342221f7fccc5fd12cf276f574f3f451fd180488ca06b7e88bc9460901b74898bdd951678f010a8194e46d55f51b2c90c6ae
-
SSDEEP
768:Tmqph6gNp8VCbjosdlw+2ddwmea/nMD8WGh/M:n8VGVe7ws/Y8WGNM
Malware Config
Signatures
-
Tags: resource, yara_rule, sample, vmprotect (consistent with the .vmp0 and .vmp1 sections listed under Sections)
Unsigned PE 1 IoCs
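Checks for a missing Authenticode signature; this kernel-mode driver (.sys) is unsigned, so its publisher and integrity cannot be verified from a signature.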
resource 418bf6cb19c108f4cb65f3ec6cc86b34_JaffaCakes118
Files
-
418bf6cb19c108f4cb65f3ec6cc86b34_JaffaCakes118.sys windows:6 windows x86 arch:x86
5eb10a88821836e45f98778bdb40680b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeBugCheckEx
KeTickCount
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
memcpy
IofCompleteRequest
RtlInitUnicodeString
memset
memmove
MmMapLockedPagesSpecifyCache
IoFreeMdl
hal
KfReleaseSpinLock
KfAcquireSpinLock
ndis.sys
NdisIMDeInitializeDeviceInstance
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisAllocateMemoryWithTag
NdisIMCancelInitializeDeviceInstance
NdisAllocatePacketPoolEx
NdisOpenAdapter
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisGetReceivedPacket
NdisInitializeEvent
NdisFreePacketPool
NdisSetEvent
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisIMGetCurrentPacketStack
NdisRequest
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisReturnPackets
NdisGetPoolFromPacket
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisCancelSendPackets
NdisDprFreePacket
NdisUnchainBufferAtFront
NdisAllocateBuffer
NdisFreeMemory
NdisAllocateMemory
NdisMDeregisterDevice
NdisIMDeregisterLayeredMiniport
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisMRegisterDevice
NdisMSleep
NdisDeregisterProtocol
NdisDprAllocatePacket
NdisIMNotifyPnPEvent
NdisReEnumerateProtocolBindings
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 375B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 1024B - Virtual size: 710B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ