c:\winddk\7000.0.winmain_win7beta.081212-1400\src\win32dd\private\objfre_wlh_x86\i386\win32dd.pdb
Static task
static1
General
Target: 747433d673fb3aab14fd94fb06cc90c9_JaffaCakes118
Size: 22KB
MD5: 747433d673fb3aab14fd94fb06cc90c9
SHA1: 67bf784d6b65cb3f0deddbe1b0e5156b8fcc7869
SHA256: 46a47d8c90e5c2b08101db93539aa2ab77f71153c5128b5d690dbc4f8eef704b
SHA512: 100c17939c0aa6379ed65500ca8daf7e5c364d3d933a3d9f7a578fe2594e7508687cbafd1ccaf7db83ea94fce7e3d29ba4ef683bbb1d3b5d8e2f8b33193d6b7c
SSDEEP: 384:ZVjCfr4xc8zHUsRWQZkgTkMdPuFzSkWBtnc:Pe8c877kgTkMNuFpn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 747433d673fb3aab14fd94fb06cc90c9_JaffaCakes118
Files
747433d673fb3aab14fd94fb06cc90c9_JaffaCakes118.sys windows:6 windows x86 arch:x86
6c4542a7045a271864c309d975898845
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
memset
IoCreateSymbolicLink
DbgPrint
MmGetPhysicalAddress
ExFreePoolWithTag
NtBuildNumber
ExAllocatePoolWithTag
_allshr
memcpy
ObfDereferenceObject
ZwUnmapViewOfSection
ZwWriteFile
ZwMapViewOfSection
ZwClose
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapIoSpace
MmMapIoSpace
RtlFillMemoryUlong
MmGetPhysicalMemoryRanges
ZwQuerySystemInformation
KeQueryActiveProcessors
KeRevertToUserAffinityThread
KeSetSystemAffinityThread
ZwCreateFile
KeTickCount
KeBugCheckEx
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 622B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ