cdrom.pdb
Static task
static1
General
Target: 5dc81d0eae7cebbc18c290e66d35e42d_JaffaCakes118
Size: 48KB
MD5: 5dc81d0eae7cebbc18c290e66d35e42d
SHA1: 51645f6f63db82ff7c22effe9012a8b55ff60320
SHA256: d399a5624ca694e9219137635f1e5d6fd5cedd165c0e2afbf8b05ee7452eaa27
SHA512: 0d53d94b07390d6f159ff88dde5b0364f24698fd07e7a10da39eb8b20f21b295d7c08c09196fcb953632d54413122d8c8556dfca62ac8d75fc3214dc3fd335d6
SSDEEP: 768:dBz/eoZKKDZpBckai//rbUemtMTan/6c5/3FGdRz4m9bBD5pxjh2CJKCben:dBzmoZNB1/D65l1wD5pxjwCJti
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5dc81d0eae7cebbc18c290e66d35e42d_JaffaCakes118
Files
5dc81d0eae7cebbc18c290e66d35e42d_JaffaCakes118.sys windows:5 windows x86 arch:x86
3a0334333f6e1fb74bf51762b321d4d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
MmUnlockPagableImageSection
RtlFreeUnicodeString
IoAllocateDriverObjectExtension
KeSetEvent
memmove
_allshl
KeReleaseMutex
KeWaitForSingleObject
KeInitializeEvent
IoQueueWorkItem
IofCompleteRequest
IoFreeWorkItem
IoAllocateWorkItem
_aullshr
KeTickCount
ZwCreateKey
ZwOpenKey
KeBugCheckEx
KeInitializeSpinLock
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
MmLockPagableDataSection
_allshr
IoSetHardErrorOrVerifyDevice
IoSetStartIoAttributes
IoGetAttachedDeviceReference
ObfDereferenceObject
IoGetDriverObjectExtension
sprintf
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeMutex
IoStartPacket
RtlWriteRegistryValue
IoOpenDeviceRegistryKey
RtlQueryRegistryValues
ZwClose
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateIrp
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFreeIrp
ExAllocatePoolWithTag
IoBuildAsynchronousFsdRequest
ExFreePoolWithTag
IofCallDriver
IoGetConfigurationInformation
IoWMIRegistrationControl
RtlInitUnicodeString
WmiQueryTraceInformation
WmiTraceMessage
_allmul
IoStartNextPacket
hal
KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql
classpnp.sys
ClassDeviceControl
ClassSpinDownPowerHandler
ClassInitialize
ClassDeleteSrbLookasideList
ClassResetMediaChangeTimer
ClassGetDriverExtension
ClassInitializeSrbLookasideList
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassSetDeviceParameter
ClassScanForSpecial
ClassReleaseQueue
ClassInterpretSenseInfo
ClassBuildRequest
ClassSplitRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassUpdateInformationInRegistry
ClassIoComplete
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendDeviceIoControlSynchronous
ClassAsynchronousCompletion
ClassSendStartUnit
ClassAcquireRemoveLockEx
ClassReleaseRemoveLock
ClassCompleteRequest
ClassFindModePage
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHIT2 Size: 128B - Virtual size: 101B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHITA Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGETOSH Size: 640B - Virtual size: 526B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 384B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ