PDB path: c:\WORK\Dok\PassThruEx\objfre_wxp_x86\i386\passthru.pdb
Static task
static1
General
-
Target
471a6ebcded42350d2663e53442beed5_JaffaCakes118
-
Size
210KB
-
MD5
471a6ebcded42350d2663e53442beed5
-
SHA1
58322ecde200c58b2521d99c964f6dbc47896247
-
SHA256
54bcb274e189af9d91d3becaae060a6567c030f7b7aea000acc311982d73e5b5
-
SHA512
e7e183784327291a6eee5c74f4d8df04034525b27c769d5016b13f3c06504e87bdffe38c753fd6b052656b5581895e0f7a3f4fd1f2f4397ef0171ca436c3b7cf
-
SSDEEP
3072:KgqOgX5jwI9gd4UIsgqydRiOFKH4wRj5ZRX6DNiNYZ0N:Kgk9wI9gd4HJdRi5H5RX6DGYZ2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE carries no embedded code-signing signature).
resource 471a6ebcded42350d2663e53442beed5_JaffaCakes118
Files
-
471a6ebcded42350d2663e53442beed5_JaffaCakes118.sys windows:5 windows x86 arch:x86
b50ce0d9d782ffa1c91a8a65a69e8d8f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeTickCount
_stricmp
ZwQuerySystemInformation
ExFreePoolWithTag
ExAllocatePoolWithTag
PsLookupProcessByProcessId
PsLookupThreadByThreadId
KeInitializeApc
KeInsertQueueApc
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
KeStackAttachProcess
KeUnstackDetachProcess
_vsnprintf
KeReadStateEvent
_except_handler3
ProbeForRead
ExEventObjectType
ObReferenceObjectByHandle
ProbeForWrite
KeResetEvent
ObfDereferenceObject
IofCompleteRequest
KeSetEvent
memset
PsCreateSystemThread
ZwCreateFile
ZwQueryInformationFile
ZwReadFile
ZwClose
ZwWriteFile
memcpy
ndis.sys
NdisRequest
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBuffer
NdisAllocateBufferPool
NdisAllocateBuffer
NdisFreeSpinLock
NdisInterlockedDecrement
NdisFreePacketPool
NdisInterlockedIncrement
NdisReEnumerateProtocolBindings
NdisIMNotifyPnPEvent
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisFreeMemory
NdisFreeBuffer
NdisDprFreePacket
NdisDeregisterProtocol
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisOpenAdapter
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisMDeregisterDevice
NdisMRegisterDevice
NdisAllocateSpinLock
NdisInitializeWrapper
NdisIMRegisterLayeredMiniport
NdisMRegisterUnloadHandler
NdisRegisterProtocol
NdisIMDeregisterLayeredMiniport
NdisIMAssociateMiniport
NdisTerminateWrapper
NdisSetEvent
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisSend
NdisIMGetCurrentPacketStack
NdisReturnPackets
NdisGetPoolFromPacket
NdisTransferData
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisCancelSendPackets
NdisMSleep
NdisAllocateMemoryWithTag
NdisInitUnicodeString
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 704B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 672B - Virtual size: 644B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.arch Size: 167KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ