PDB path: c:\drlfw_ftpok\objchk_wnet_x86\i386\DrlFwKnd.pdb
General
-
Target
717148706427f3f8b635f4b586314750_JaffaCakes118
-
Size
98KB
-
MD5
717148706427f3f8b635f4b586314750
-
SHA1
2ff4f561e66436dd3391a12a48272d52aa44ba1f
-
SHA256
2dd8d50af332fd81dbc481716da3d40a3b091aada85ac0d4f5ee583100ef2d5d
-
SHA512
f81151e86b84be62f77d098d6b50a6c13f36bdb7313b52fcc56b0b98c9dc72de7890dcf77803478ca89222312f67ab00db77934c4285f7107d528e7b117ed4a8
-
SSDEEP
1536:0M0/rZuq1tCq0dBCkVk/skSkSIrtE1+x84GThY0wuVCenFICPEZQ89BeEnPNVVxP:YjZuqRkNNhAOs9gEn2ObbXo
Malware Config
Signatures
-
YARA match - resource: sample, yara_rule: vmprotect (consistent with the .vmp0 and .vmp1 sections listed under Sections)
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 717148706427f3f8b635f4b586314750_JaffaCakes118
Files
-
717148706427f3f8b635f4b586314750_JaffaCakes118.sys windows:6 windows x86 arch:x86
6ccd4482383c93309d7c369db57431fb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\drlfw_ftpok\objchk_wnet_x86\i386\DrlFwKnd.pdb
Imports
ntoskrnl.exe
KeBugCheckEx
KeTickCount
KeSetEvent
ZwClose
MmUnmapLockedPages
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ExAllocatePool
ExFreePoolWithTag
KeCancelTimer
KeInitializeTimer
KeInitializeDpc
KeSetTimerEx
KeQuerySystemTime
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
MmMapLockedPagesSpecifyCache
IoFreeMdl
IofCompleteRequest
memcpy
memset
RtlInitUnicodeString
DbgPrint
RtlAssert
hal
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
ndis.sys
NdisIMNotifyPnPEvent
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisUnchainBufferAtFront
NdisAllocateBuffer
NdisDprFreePacket
NdisDeregisterProtocol
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisReEnumerateProtocolBindings
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisMDeregisterDevice
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisMSleep
NdisMRegisterDevice
NdisInitializeWrapper
NdisIMRegisterLayeredMiniport
NdisMRegisterUnloadHandler
NdisRegisterProtocol
NdisIMDeregisterLayeredMiniport
NdisIMAssociateMiniport
NdisPacketPoolUsage
NdisOpenAdapter
NdisAllocatePacket
NdisSetEvent
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisIMGetCurrentPacketStack
NdisRequest
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisReturnPackets
NdisGetPoolFromPacket
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisCancelSendPackets
NdisFreePacketPool
NdisTerminateWrapper
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 473B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.vmp0 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ