d:\ccviews\autobuild1_br-0804-1100_8.0_snapshot\sse_storage\driver\source\ddkbuilddir_full\objfre_wlh_x86\i386\IaStor.pdb
Static task
static1
General
Target: 7719b6d9f0e0fc50e365aff3095f6714_JaffaCakes118
Size: 305KB
MD5: 7719b6d9f0e0fc50e365aff3095f6714
SHA1: 97adee8a6a7457b716d9463f1038e7cc7e9793ea
SHA256: 8c470e8c2e7ca45a9d852f377a535942b93ac07d69b8efb82603737d6e92d40d
SHA512: a28d194c04006fffc4fd9ce0f0bd81ebce3eb3dcc727a58b713673d7e2f508c0aec43e0253554a377287697a28f1c51b17e8d0b972474a2937a05af7432d783c
SSDEEP: 6144:qlXXLv6WZgs6Xfn/EJQ5OtIZ1JGakVeDfhkdNdNz:sXxgs6XU1IbJGakVWqdr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7719b6d9f0e0fc50e365aff3095f6714_JaffaCakes118
Files
7719b6d9f0e0fc50e365aff3095f6714_JaffaCakes118.sys windows:6 windows x86 arch:x86
fdfc448cd200503adf6aef5b6f3b70e1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ZwOpenKey
DbgPrint
_allmul
IofCompleteRequest
KeSetEvent
PoSetPowerState
_aullshr
MmIsAddressValid
KeWaitForSingleObject
IoFreeWorkItem
IoUnregisterPlugPlayNotification
ObfDereferenceObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
memcpy
IoGetDeviceObjectPointer
IoQueueWorkItem
IoAllocateWorkItem
IoRegisterPlugPlayNotification
KeClearEvent
WRITE_REGISTER_ULONG
READ_REGISTER_ULONG
ObReferenceObjectByHandle
KeQueryTimeIncrement
KeTickCount
_aulldiv
KeDelayExecutionThread
MmGetPhysicalAddress
KeCancelTimer
KeSetTimerEx
KeInitializeTimerEx
memmove
strncpy
strncmp
_purecall
sprintf
InterlockedPopEntrySList
InterlockedPushEntrySList
RtlCompareMemory
IoInvalidateDeviceRelations
KeSetTimer
ExSystemTimeToLocalTime
KeQuerySystemTime
MmUnmapIoSpace
MmMapIoSpace
RtlWriteRegistryValue
ZwCreateKey
swprintf
KeLeaveCriticalRegion
KeEnterCriticalRegion
MmMapLockedPagesSpecifyCache
ExDeleteNPagedLookasideList
KeBugCheck
PsTerminateSystemThread
KeWaitForMultipleObjects
KeSetPriorityThread
PsCreateSystemThread
ExInitializeNPagedLookasideList
_aullrem
ZwQueryValueKey
PoRequestPowerIrp
PoStartNextPowerIrp
PoCallDriver
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
IoFreeIrp
IoAllocateIrp
IoGetAttachedDeviceReference
_alldiv
IoDeleteSymbolicLink
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCsqInitialize
IoInitializeRemoveLockEx
IoCreateDevice
RtlUnicodeStringToInteger
wcsncpy
wcsstr
IoDeleteDevice
IoDetachDevice
_wcsupr
IoGetDeviceProperty
ZwCreateDirectoryObject
KeInitializeDpc
KeInitializeTimer
ExRegisterCallback
ExCreateCallback
IoConnectInterrupt
IoReportResourceForDetection
ExUnregisterCallback
IoDisconnectInterrupt
IoReleaseRemoveLockAndWaitEx
IoGetConfigurationInformation
KeRemoveQueueDpc
IoCsqInsertIrp
IoCsqRemoveNextIrp
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
strncat
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObfReferenceObject
PoRegisterDeviceForIdleDetection
IoInvalidateDeviceState
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoGetDmaAdapter
RtlFreeUnicodeString
RtlGetVersion
strstr
KeInsertQueueDpc
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
IoRequestDeviceEject
RtlCreateRegistryKey
RtlCopyUnicodeString
KeBugCheckEx
RtlUnwind
ZwClose
memset
RtlInitUnicodeString
ExAllocatePoolWithTag
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlQueryRegistryValues
_aulldvrm
ExFreePoolWithTag
hal
KeAcquireInStackQueuedSpinLock
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KeStallExecutionProcessor
KeReleaseInStackQueuedSpinLock
Sections
.text Size: 276KB - Virtual size: 275KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 516KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ