Static task: static1

General
Target: a15a2791854caef56ac455b103ba5385_JaffaCakes118
Size: 7KB
MD5: a15a2791854caef56ac455b103ba5385
SHA1: 9d2c43846ba2ee07c532c4bad9bff1591b65c2e8
SHA256: 7eaacf6a33101b4c5f069e5e2cfb1b8a7b4be20cdb391feb934486cc87ec8ab3
SHA512: 8df227ee3f44a74eb3b5415e60dfc6c04dc03249149d7869c6b014b3fa6e78d7937ac705fb3980ed967657a9ff2f847814bd3162b25d17624356b75d63ed4eb0
SSDEEP: 96:7PUtKXU/FedGBsp27LMu9Whm4ls+awocYMOPXMsdscIPH17xD9:4tKoulp27LMNTa9eOPXMPf173

Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource a15a2791854caef56ac455b103ba5385_JaffaCakes118

Files
a15a2791854caef56ac455b103ba5385_JaffaCakes118.sys windows:6 windows x86 arch:x86
58668fba3b98d6c7b7d5d6aedab9a262

Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: d:\_rootkit_techniques_\ak922\src\mian\i386\AK922.pdb

Imports
ntoskrnl.exe
_strnicmp
ExFreePoolWithTag
_wcsnicmp
ExAllocatePool
ObQueryNameString
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
IoFreeIrp
IofCallDriver
IoAllocateIrp
KeDetachProcess
ProbeForWrite
strncmp
ExQueueWorkItem
IoThreadToProcess
memmove
memcpy
memset
IofCompleteRequest
IoDeleteDevice
IoCreateDevice
IoGetCurrentProcess
MmGetSystemRoutineAddress
KeTickCount
RtlUnwind
KeAttachProcess
KeGetCurrentThread
KeBugCheckEx
hal
KeGetCurrentIrql
Sections
.text   Size: 3KB    Virtual size: 3KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 512B   Virtual size: 356B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 512B   Virtual size: 816B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
INIT    Size: 1024B  Virtual size: 798B   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 512B   Virtual size: 334B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ