Wdf01000.pdb
Static task: static1

General
Target: 67ae7e7b49142dc96549cb85d4773e16_JaffaCakes118
Size: 434KB
MD5: 67ae7e7b49142dc96549cb85d4773e16
SHA1: 015f46a29ca21d2d0a178ca3f4d0bd729cfe6055
SHA256: e6d09420679a2059f7d63adf0aa92d81d7a4ffc12f0ccf81311b85b8a1a377e6
SHA512: 4fb1ea0c83c7060d22309825c8c7dc66d9c3c24c6268caaefcc13f3c17ce78b034b045ac46713841470cf1a1b297cd3d762afbb5eedf5d3d527e5f4482cac68c
SSDEEP: 12288:ON2eVV8eWMBc6eAxRmX1tNTi2Vtzh6N0xNAGqC:yF3tHBcqGXNh6NUAu
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 67ae7e7b49142dc96549cb85d4773e16_JaffaCakes118
Note: this check only inspects the PE's embedded signature (the security data directory). Drivers shipped with Windows are commonly catalog-signed rather than embedded-signed, and the wdfldr.sys!WdfRegisterLibrary import, the PAGEWdfV section and the Wdf01000.pdb name are consistent with the KMDF framework library Wdf01000.sys, so a missing embedded signature by itself is not evidence of tampering; compare the file's hash against a known-good, catalog-signed copy before treating it as such.
Files
67ae7e7b49142dc96549cb85d4773e16_JaffaCakes118.sys  windows:6 windows x86 arch:x86
baf3b4383ddb0e818cdef67eda07461d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoAllocateDriverObjectExtension
ZwSetValueKey
ZwCreateKey
ZwOpenKey
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwDeleteValueKey
IoGetDriverObjectExtension
KeTickCount
KeBugCheckEx
RtlAnsiCharToUnicodeChar
RtlCopyUnicodeString
ZwDeleteKey
ZwClose
DbgBreakPoint
KeInitializeEvent
KeInitializeSpinLock
ExDeleteNPagedLookasideList
IoGetDmaAdapter
ExInitializeNPagedLookasideList
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
_purecall
IoFreeMdl
MmUnlockPages
ObfDereferenceObject
IoGetAttachedDeviceReference
IoGetDeviceProperty
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeSetEvent
KeClearEvent
KeWaitForSingleObject
IofCallDriver
RtlCompareMemory
IoFreeIrp
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
IoAllocateIrp
ObfReferenceObject
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwCreateFile
_allmul
KeGetCurrentThread
KeInsertQueueDpc
KeInitializeDpc
IoReuseIrp
IoAcquireRemoveLockEx
IoInvalidateDeviceState
IoCreateSymbolicLink
IoRequestDeviceEject
IoWMIWriteEvent
IoWMIRegistrationControl
KeDelayExecutionThread
RtlQueryRegistryValues
strncmp
IoAllocateMdl
MmMapLockedPagesSpecifyCache
memset
MmBuildMdlForNonPagedPool
IoDeleteSymbolicLink
IoInitializeRemoveLockEx
IoIsWdmVersionAvailable
IoOpenDeviceRegistryKey
IoAttachDeviceToDeviceStack
IoDetachDevice
IoReleaseRemoveLockEx
KeSetTimer
IoCancelIrp
KeCancelTimer
KeInitializeTimerEx
IoReleaseCancelSpinLock
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
IoFreeWorkItem
IoAllocateWorkItem
IoQueueWorkItem
IoInvalidateDeviceRelations
KeSetTimerEx
KeInitializeTimer
KdDebuggerNotPresent
KdDebuggerEnabled
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
ExDeletePagedLookasideList
ExInitializePagedLookasideList
KeRemoveQueueDpc
IoUnregisterShutdownNotification
IoRegisterLastChanceShutdownNotification
IoRegisterShutdownNotification
PoStartNextPowerIrp
KeQuerySystemTime
MmUnmapLockedPages
MmSizeOfMdl
IoBuildPartialMdl
MmProbeAndLockPages
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
PsGetVersion
MmGetSystemRoutineAddress
MmUnlockPagableImageSection
MmLockPagableSectionByHandle
MmLockPagableDataSection
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
MmIsDriverVerifying
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeSetImportanceDpc
ZwQueryValueKey
KeReadStateEvent
PoCallDriver
PoSetPowerState
IoGetStackLimits
IoReleaseRemoveLockAndWaitEx
KeSynchronizeExecution
IoConnectInterrupt
IoDisconnectInterrupt
ExCreateCallback
ExRegisterCallback
ExUnregisterCallback
PoRequestPowerIrp
KeQueryTimeIncrement
RtlUnwind
memcpy
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
DbgPrint
IoDeleteDevice
IoCreateDevice
memmove
IofCompleteRequest
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
KeNumberProcessors
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
KeSetTargetProcessorDpc
PsTerminateSystemThread
PsCreateSystemThread
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
KiBugCheckData
wdfldr.sys
WdfRegisterLibrary
WdfLdrDiagnosticsValueByNameAsULONG
hal
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
ExReleaseFastMutex
Sections
.text     Size: 341KB - Virtual size: 341KB - IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata    Size: 36KB - Virtual size: 36KB - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data     Size: 5KB - Virtual size: 5KB - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
PAGEWdfV  Size: 12KB - Virtual size: 12KB - IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
PAGE      Size: 6KB - Virtual size: 6KB - IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
INIT      Size: 5KB - Virtual size: 4KB - IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc     Size: 2KB - Virtual size: 1KB - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc    Size: 18KB - Virtual size: 17KB - IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
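Two findings in this report are worth re-checking with a parser of your own rather than trusting one tool's rendering: the Unsigned PE hit under Signatures, which only means the security data directory (slot 4 of the optional header) is empty, and the section table above, which marks every section, .rdata, .rsrc and .reloc included, as execute+read+write, where a Microsoft-built driver would normally have .rdata read-only and .data non-executable. The Python below is an added example, not code from the sandbox or from the sample: it walks the DOS, COFF and optional headers and the section table with the standard library only and reports both conditions. Its input is a header-only PE32 constructed inside the script to mirror the section names, sizes and flags listed above; the file offset 0x1000 and size 0x1A00 used for the signed variant are made-up values. Since Windows inbox drivers are usually catalog-signed, an empty security directory alone is not proof of tampering, so use the hash comparison against a known-good copy as the deciding check.

```python
import struct

# Section characteristic bits and the security data-directory slot (winnt.h).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE


def parse_pe(data):
    """Parse the DOS, COFF and optional headers plus the section table of a
    PE32/PE32+ image. Reports whether an embedded Authenticode blob is present
    (security directory size > 0) and each section's characteristics."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+: 64-bit stack/heap fields shift both by 16
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off, sec_size = 0, 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The security entry holds a raw file offset (not an RVA) and a size.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "characteristics": chars})
    return {"machine": machine, "file_characteristics": file_chars,
            "has_embedded_authenticode": sec_size > 0,
            "security_directory": (sec_off, sec_size), "sections": sections}


def rwx_sections(info):
    """Sections mapped with execute, read and write all set."""
    return [s["name"] for s in info["sections"] if (s["characteristics"] & RWX) == RWX]


def executable_data_sections(info):
    """Sections without the CNT_CODE bit that are nonetheless executable."""
    return [s["name"] for s in info["sections"]
            if not s["characteristics"] & IMAGE_SCN_CNT_CODE
            and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE]


def build_pe32(sections, security_size=0):
    """Constructed test input: a header-only PE32 (no code bytes, not a real
    driver) whose section table and security directory the caller controls."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    ndirs = 16
    opt_size = 96 + 8 * ndirs
    # Machine 0x14C (i386); Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * 90 + struct.pack("<I", ndirs)
    dirs = [(0, 0)] * ndirs
    if security_size:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, security_size)  # made-up offset
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"),
                    vsize, 0, rsize, 0, 0, 0, 0, 0, chars)
        for name, vsize, rsize, chars in sections)
    return dos + b"PE\x00\x00" + coff + opt + table


# Section table mirroring the report above: (name, virtual size, raw size, flags).
CODE, DATA = IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA
REPORT_SECTIONS = [
    (".text",    341 * 1024, 341 * 1024, CODE | RWX),
    (".rdata",    36 * 1024,  36 * 1024, DATA | RWX),
    (".data",      5 * 1024,   5 * 1024, DATA | RWX),
    ("PAGEWdfV",  12 * 1024,  12 * 1024, CODE | RWX),
    ("PAGE",       6 * 1024,   6 * 1024, CODE | RWX),
    ("INIT",       4 * 1024,   5 * 1024, CODE | RWX),
    (".rsrc",      1 * 1024,   2 * 1024, DATA | RWX),
    (".reloc",    17 * 1024,  18 * 1024, DATA | RWX),
]

if __name__ == "__main__":
    info = parse_pe(build_pe32(REPORT_SECTIONS))
    print("embedded Authenticode present:", info["has_embedded_authenticode"])
    print("RWX sections:", rwx_sections(info))
    print("executable data sections:", executable_data_sections(info))
```

To run it against the real sample, replace `build_pe32(REPORT_SECTIONS)` with `open(path, "rb").read()`; if `rwx_sections` comes back empty on the actual file, the all-RWX display above was a reporting quirk, and if it does not, the headers were altered after the build and the file is not a pristine Wdf01000.sys regardless of what the signature check says.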