Static task
static1

General
Target: 8d7e191906e69fd6ba33d821657a3204_JaffaCakes118
Size: 36KB
MD5: 8d7e191906e69fd6ba33d821657a3204
SHA1: 573bd36822ca0df5c1e2620ca0b14e2bf25fb03b
SHA256: ff58b273e59e0e8be06b1846eae66492d35e3e24ecfd8ebe6598e0f208b16c82
SHA512: 4436b3825065b931dd84b0de4d8259b72774211d135591da1561403de5ef166068b7b88c462bc7f18c3d369a701adfc79b2a523b6f37b9b01a80013a980b3f87
SSDEEP: 768:NlR+2qEovMefCm+fawqIzp8DY6a16jLprXVJ0kAkv/SH2j:NlR+2tovv0e9rXVJ0kAkvaH2

Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 8d7e191906e69fd6ba33d821657a3204_JaffaCakes118

Files
8d7e191906e69fd6ba33d821657a3204_JaffaCakes118.sys windows:5 windows x86 arch:x86
dc0874c06ec7b452fc10bcfb16bec532

Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\drivers\kaola\ver3\fsprot\filespy\filter\objfre_w2K_x86\i386\prxfile.pdb
Imports
ntoskrnl.exe
_wcsicmp
ExFreePool
ExSystemTimeToLocalTime
KeQuerySystemTime
ExAllocatePoolWithTag
_except_handler3
ZwClose
ZwQueryValueKey
DbgPrint
ZwOpenKey
RtlInitUnicodeString
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
strstr
RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
IoCreateDevice
IoRegisterFsRegistrationChange
ExInitializeNPagedLookasideList
KeInitializeSpinLock
IoDeleteSymbolicLink
IoCreateSymbolicLink
ExInitializePagedLookasideList
IoDetachDevice
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
PsGetCurrentThreadId
PsGetCurrentProcessId
IoAttachDeviceToDeviceStack
IoFreeIrp
ObfReferenceObject
KeDelayExecutionThread
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
_wcsnicmp
RtlEqualUnicodeString
KeGetCurrentThread
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwCreateFile
wcslen
KeTickCount
KeBugCheckEx
IoDeleteDevice
ObfDereferenceObject
IofCompleteRequest
ExQueueWorkItem
DbgBreakPoint
KeSetEvent
sprintf
RtlVolumeDeviceToDosName
memmove
_snwprintf
ObQueryNameString
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
IoGetTopLevelIrp
hal
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ