e:\drivers\kaola\fsprot\filespy\filter\objfre_w2K_x86\i386\fanii.pdb
General
-
Target
5c5c28b4fae7fb6d2bfb4e714200a460_JaffaCakes118
-
Size
37KB
-
MD5
5c5c28b4fae7fb6d2bfb4e714200a460
-
SHA1
1ade8f16963ede80ac721f8bd6283a60b5cdf7d2
-
SHA256
81aefb5ce6b06bb8523ffefcb0e7e6fa5b40f6ca7da092562fae1ea88dc8e985
-
SHA512
14a8224346fd236e3aeb6f67bed947d4d93be4241296b1cd6f60f2c47d68b501e478bcf6a6bb954182b8d36dfb3d86db18f4f2ae1e1e4123172be1c1857f6142
-
SSDEEP
768:hMU+GStBsULmXjn1Ns3Rj0j5R88B4tFmDvjkik9eyBX:hMU+vtdCreFmDvjkik9ZBX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 5c5c28b4fae7fb6d2bfb4e714200a460_JaffaCakes118
Files
-
5c5c28b4fae7fb6d2bfb4e714200a460_JaffaCakes118.sys windows:5 windows x86 arch:x86
dc0874c06ec7b452fc10bcfb16bec532
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
_wcsicmp
ExFreePool
ExSystemTimeToLocalTime
KeQuerySystemTime
ExAllocatePoolWithTag
_except_handler3
ZwClose
ZwQueryValueKey
DbgPrint
ZwOpenKey
RtlInitUnicodeString
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
strstr
RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
IoCreateDevice
IoRegisterFsRegistrationChange
ExInitializeNPagedLookasideList
KeInitializeSpinLock
IoDeleteSymbolicLink
IoCreateSymbolicLink
ExInitializePagedLookasideList
IoDetachDevice
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
PsGetCurrentThreadId
PsGetCurrentProcessId
IoAttachDeviceToDeviceStack
IoFreeIrp
ObfReferenceObject
KeDelayExecutionThread
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
_wcsnicmp
RtlEqualUnicodeString
KeGetCurrentThread
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwCreateFile
wcslen
KeTickCount
KeBugCheckEx
IoDeleteDevice
ObfDereferenceObject
IofCompleteRequest
ExQueueWorkItem
DbgBreakPoint
KeSetEvent
sprintf
RtlVolumeDeviceToDosName
memmove
_snwprintf
ObQueryNameString
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
IoGetTopLevelIrp
hal
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ