dmio.pdb
Static task
static1
General
Target: 6754fe0d73b069ed5bd577ef837b3990_JaffaCakes118
Size: 149KB
MD5: 6754fe0d73b069ed5bd577ef837b3990
SHA1: edd19785942382b1ee5b67e8f4e22f3aff4bc9c7
SHA256: 437af52aed939f746e82b4ebbc8409b1e0cccaa0d15810142832b42efdb6d33d
SHA512: 0d33f0bbeb1c96e3776f37ae9387c775627d4674b01c8f6c8c8d81d180a708d036c23ed0b0ca5fe79a7418a4d82d526bd2a33f37a3949c40375dffe5947d4358
SSDEEP: 3072:SP+1wyyBw0iQM+jCc10YiYtlxpq2jGIKwJkXkzmA5wrH0vEeqD0d:G+12w0TM0il2dKoIkzP58CJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6754fe0d73b069ed5bd577ef837b3990_JaffaCakes118
Files
6754fe0d73b069ed5bd577ef837b3990_JaffaCakes118.sys windows:5 windows x86 arch:x86
36d1d1a79a966dff6d007e85983dbf9e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCallDriver
KeGetCurrentThread
KeDelayExecutionThread
IoBuildAsynchronousFsdRequest
ObfReferenceObject
IoAllocateIrp
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
MmGetPhysicalAddress
IoAllocateMdl
_allshr
KeInitializeEvent
KeWaitForSingleObject
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
_except_handler3
MmUnmapLockedPages
IofCompleteRequest
memmove
KeSetEvent
ProbeForRead
ProbeForWrite
KeTickCount
PsCreateSystemThread
KeInitializeSemaphore
FsRtlIsTotalDeviceFailure
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlInitUnicodeString
swprintf
RtlCopyUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
PoCallDriver
PoStartNextPowerIrp
RtlVerifyVersionInfo
VerSetConditionMask
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
RtlFreeUnicodeString
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlInitAnsiString
RtlAppendUnicodeStringToString
RtlStringFromGUID
IoFreeIrp
RtlFreeAnsiString
IoDeleteSymbolicLink
strncmp
RtlUnicodeStringToAnsiString
wcsncmp
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQueryValueKey
ZwOpenKey
IoGetDeviceProperty
RtlCompareMemory
IoWritePartitionTableEx
_allmul
IoReadPartitionTableEx
IoRegisterDriverReinitialization
IoReportDetectedDevice
IoCreateSynchronizationEvent
IoWriteErrorLogEntry
strncpy
IoAllocateErrorLogEntry
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
IoCreateDevice
IoCreateSymbolicLink
ZwCreateDirectoryObject
ZwMakeTemporaryObject
isdigit
PoRequestPowerIrp
PoSetPowerState
IoWMIRegistrationControl
wcslen
KeBugCheckEx
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
IoDeleteDevice
MmUnlockPages
RtlAnsiStringToUnicodeString
IoFreeMdl
IoInvalidateDeviceRelations
KeQuerySystemTime
IoVolumeDeviceToDosName
KeReleaseSemaphore
KeInitializeDpc
KeInitializeTimer
KeSetTimer
PsTerminateSystemThread
_aulldvrm
IoRaiseInformationalHardError
_allrem
_alldiv
_alldvrm
ZwClose
sprintf
hal
ExAcquireFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExReleaseFastMutex
wmilib.sys
WmiSystemControl
WmiCompleteRequest
Sections
.text Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 896B - Virtual size: 820B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ