e:\eclipse\branch\botnet\1.020\drivers\Bin\i386\kernel.pdb
Static task
static1
General
Target
7919a47771e3bd2920d8e38976e09482_JaffaCakes118
Size
39KB
MD5
7919a47771e3bd2920d8e38976e09482
SHA1
46c361beae0043a57ae986b88b8083febb12a2f1
SHA256
06ae078b8005ad7331e3f411f2a33b49fd5c815da8df430cf1188098f47d762c
SHA512
70f05645ec8a6d37b8e0e5f63cafe7399593365eb12b16e5578e827a0b3c1d12cb3641eecb5ee4f1fa8da7ac5c27e574653f103edce805e79a033087b5d592ab
SSDEEP
768:hB5ZsaEvuh8DRBp9e1miumGHSQJXae/5gVJpYyDxwSS9WCLHH5:hRDEvsHBOksn5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks whether the PE file lacks an Authenticode signature.
resource 7919a47771e3bd2920d8e38976e09482_JaffaCakes118
Files
7919a47771e3bd2920d8e38976e09482_JaffaCakes118.sys windows:5 windows x86 arch:x86
b5a393f5624f40c78d76140089737a5f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCallDriver
IoRegisterShutdownNotification
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ObfReferenceObject
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoCreateFile
RtlInitUnicodeString
IoAttachDevice
ExAllocatePoolWithTag
ExFreePool
ZwEnumerateKey
_except_handler3
KeServiceDescriptorTable
isspace
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
_purecall
KeSetEvent
ZwClose
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlQueryRegistryValues
PsGetVersion
RtlCopyUnicodeString
ZwCreateKey
ZwQueryValueKey
wcscmp
wcscpy
wcslen
ZwDeleteKey
ZwEnumerateValueKey
ZwDeleteValueKey
ZwOpenKey
wcscat
ZwFlushKey
InterlockedExchange
_stricmp
ZwReadFile
PsTerminateSystemThread
KeSetPriorityThread
PsCreateSystemThread
ObfDereferenceObject
RtlWriteRegistryValue
RtlCreateRegistryKey
swprintf
RtlDeleteRegistryValue
strcmp
ObQueryNameString
ObReferenceObjectByName
IoDriverObjectType
IoFreeIrp
InterlockedIncrement
ObInsertObject
KeGetCurrentThread
IoAllocateIrp
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCreateAccessState
KeInitializeSpinLock
ObCreateObject
IoFileObjectType
KeResetEvent
IoFreeMdl
MmUnlockPages
IoCancelIrp
MmProbeAndLockPages
IoAllocateMdl
KeWaitForMultipleObjects
strlen
_vsnprintf
_aulldiv
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeTickCount
KeBugCheckEx
memcpy
IofCompleteRequest
ZwSetValueKey
memset
strncpy
RtlCompareMemory
KeInitializeMutex
KeReleaseMutex
ZwWriteFile
KeQuerySystemTime
_allmul
strchr
hal
KfRaiseIrql
KeGetCurrentIrql
KfLowerIrql
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 896B - Virtual size: 772B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 128B - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ