smss.pdb
Static task
static1
General
-
Target
646f19789b85dede4adf438a51a50caa_JaffaCakes118
-
Size
129KB
-
MD5
646f19789b85dede4adf438a51a50caa
-
SHA1
c106de3e633669ab6b7f7606fe49fbb087043f41
-
SHA256
265b6f1adf9b879c8a2e6bcbdd1b90dff6a785c22e235822f6bf71a4d53198c2
-
SHA512
1b1eb2fe3dccc0ad9a7174aa1ef5578283cf1a779564c7ec8b6890d8e7874e9db85dcc9d59de52ed788ee672077bcbee78359f17247d853c4532bd3586b3cf79
-
SSDEEP
3072:p+l/PBXF7o1w9E3eP3xBCdSgw49p0Zl4zKa+NrNh7we1qSfOsMj:p+l/PBXF7o1N3yCfw4ynaqPmSfO3
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 646f19789b85dede4adf438a51a50caa_JaffaCakes118
Files
-
646f19789b85dede4adf438a51a50caa_JaffaCakes118.sys windows:5 windows x86 arch:x86
d3daf2245dcd370775e5c6428fc0e118
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the single recorded path, smss.pdb, is shown at the top of this page)
Imports
ntdll
NtTerminateProcess
NtRaiseHardError
RtlInitUnicodeString
RtlAdjustPrivilege
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlUnicodeStringToInteger
RtlAllocateHeap
RtlFreeUnicodeString
DbgPrintEx
RtlExtendedIntegerMultiply
NtQueryVolumeInformationFile
NtOpenFile
NtClose
wcslen
wcscpy
NtQueryInformationProcess
NtCreatePagingFile
NtSetInformationFile
NtQueryInformationFile
DbgPrint
NtQuerySystemInformation
_allmul
NtSetSecurityObject
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
RtlDosPathNameToNtPathName_U
RtlExpandEnvironmentStrings_U
NtQueryValueKey
swprintf
NtOpenKey
NtSetValueKey
NtCreateKey
NtCreateFile
NtReadFile
_chkstk
wcsstr
_wcsupr
NtMakeTemporaryObject
NtCreateSymbolicLinkObject
NtOpenDirectoryObject
wcsncpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_stricmp
NtCreateSection
LdrVerifyImageMatchesChecksum
NtCreateDirectoryObject
RtlSetEnvironmentVariable
LdrUnloadDll
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlCompareUnicodeString
RtlEqualString
memmove
_wcsicmp
RtlCreateUnicodeString
RtlDosSearchPath_U
RtlQueryEnvironmentVariable_U
RtlEqualUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtWaitForSingleObject
NtResumeThread
RtlDestroyProcessParameters
RtlCreateUserProcess
RtlCreateProcessParameters
RtlUnlockBootStatusData
RtlGetSetBootStatusData
RtlLockBootStatusData
NtDisplayString
sprintf
NtDuplicateObject
RtlLengthSid
RtlGetAce
RtlPrefixUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtQueryDirectoryObject
NtRequestWaitReplyPort
RtlFindMessage
NtSetEvent
NtSetSystemInformation
NtCreateEvent
RtlLeaveCriticalSection
RtlEnterCriticalSection
wcscat
LdrQueryImageFileExecutionOptions
NtDelayExecution
NtInitializeRegistry
RtlQueryRegistryValues
NtDeleteValueKey
RtlCreateEnvironment
RtlCreateUserThread
NtCreatePort
RtlInitializeCriticalSection
NtSetInformationProcess
RtlCreateTagHeap
NtSetInformationThread
NtQueryInformationToken
NtOpenThreadToken
NtImpersonateClientOfPort
NtConnectPort
NtCompleteConnectPort
NtAcceptConnectPort
NtOpenProcess
NtReplyWaitReceivePort
RtlExitUserThread
NtReplyPort
RtlSetThreadIsCritical
NtWaitForMultipleObjects
RtlSetProcessIsCritical
RtlUnicodeStringToAnsiString
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlUnhandledExceptionFilter
RtlUnwind
NtQueryVirtualMemory
DbgBreakPoint
RtlNormalizeProcessParams
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 83KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE