D:\WinDiag\GenDrv\recd1127\Release\i386\GenericDrv.pdb
Static task
static1
General
-
Target
5fbcaf4482c5bb0c6e2ab001d8747d19_JaffaCakes118
-
Size
6KB
-
MD5
5fbcaf4482c5bb0c6e2ab001d8747d19
-
SHA1
aeff1ce37e51de16dac9d0048c769f321f199a0b
-
SHA256
160d6f8eeee7f4f5c6505f3dd3cf3a0eb323bd4dfa3ee884a04f2e9d03987a4d
-
SHA512
d99b81a7402d6f013221388d28871bd75b7dbec259421ce09466a1a796017c770a3723f7552ab4a73b2b2d113ca9fdc4ec2e31a71dc1560871d781e1e250dd7c
-
SSDEEP
192:5zN+fHjAMb5VsdvhKZ5eZ9/+kA4bGfwLmcbug9z:tAUHZrD+DIkwLmcbuez
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags PE files that lack an Authenticode signature; this sample is unsigned.
resource 5fbcaf4482c5bb0c6e2ab001d8747d19_JaffaCakes118
Files
-
5fbcaf4482c5bb0c6e2ab001d8747d19_JaffaCakes118.sys windows:5 windows x86 arch:x86
59d29957d2b10638e53a78e34ca8304c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\WinDiag\GenDrv\recd1127\Release\i386\GenericDrv.pdb
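Imports (kernel and HAL routines; the list includes port I/O, device-register access and physical-memory mapping functions)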
ntoskrnl.exe
WRITE_REGISTER_ULONG
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
RtlInitUnicodeString
ZwUnmapViewOfSection
MmFreeContiguousMemory
IoFreeMdl
MmMapLockedPages
MmBuildMdlForNonPagedPool
WRITE_REGISTER_USHORT
MmGetPhysicalAddress
MmIsAddressValid
MmAllocateContiguousMemory
MmUnmapLockedPages
IoDeleteDevice
IoDeleteSymbolicLink
memmove
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
WRITE_REGISTER_UCHAR
READ_REGISTER_ULONG
READ_REGISTER_USHORT
READ_REGISTER_UCHAR
MmUnmapIoSpace
DbgPrint
IoAllocateMdl
MmMapIoSpace
hal
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalTranslateBusAddress
WRITE_PORT_ULONG
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 267B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 1004B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ