serial.pdb
Static task
static1
General
-
Target
a82050816471bcc5dc900b055157abd4_JaffaCakes118
-
Size
63KB
-
MD5
a82050816471bcc5dc900b055157abd4
-
SHA1
a8103dc62591d75818acc803c44dac64cb7468b6
-
SHA256
3177c28eb98dc64b2699036cb012368c9256f3fee7098e36736ddfb97886be78
-
SHA512
5006fb78058dc1e6affd6a068f68b3e4afc0c9eb427f3d8bf99eb356b5112d6915d75747922a4755c6645183fa8c3b3beaf88d397289b04b7df778ac31a758e4
-
SSDEEP
768:F/NA29vprT5RIvVHBcq1F0hhovzSEAAzMQTBHaje10JyBaUfPOSpgnNPa0ppT:JNA29vZyhcMjb/QCtNfkNF/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
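Checks for missing Authenticode signature. The sample is a kernel-mode driver (.sys) with no signature, so its publisher cannot be verified from the file itself. Being unsigned is a weak indicator on its own and should be corroborated with the hashes listed above.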
resource a82050816471bcc5dc900b055157abd4_JaffaCakes118
Files
-
a82050816471bcc5dc900b055157abd4_JaffaCakes118.sys windows:5 windows x86 arch:x86
2da71861ca7a4f2be76f7e4a7ea53551
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
hal
WRITE_PORT_BUFFER_UCHAR
KfReleaseSpinLock
HalTranslateBusAddress
HalGetInterruptVector
ExAcquireFastMutex
ExReleaseFastMutex
WRITE_PORT_UCHAR
KdComPortInUse
READ_PORT_UCHAR
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
ntoskrnl.exe
IoCancelIrp
KeInitializeDpc
KeInitializeTimer
ExAllocatePoolWithTag
DbgBreakPoint
KeInitializeSpinLock
memmove
PoSetPowerState
KeWaitForSingleObject
ExAllocatePoolWithQuotaTag
_except_handler3
KeInsertQueueDpc
KeDelayExecutionThread
MmLockPagableSectionByHandle
MmQuerySystemSize
KeQuerySystemTime
KeSetEvent
KeSetTimer
IofCallDriver
PoCallDriver
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeCancelTimer
IoInvalidateDeviceState
IoQueryDeviceDescription
ZwClose
IoDetachDevice
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
wcslen
RtlInitUnicodeString
KeInitializeEvent
IoCreateDevice
RtlIntegerToUnicodeString
IoAttachDeviceToDeviceStack
IoConnectInterrupt
RtlQueryRegistryValues
ZwQueryValueKey
ZwSetValueKey
ZwEnumerateKey
IoReportDetectedDevice
ZwOpenKey
PoRequestPowerIrp
PoStartNextPowerIrp
KeClearEvent
KeTickCount
KeBugCheckEx
IoDeleteDevice
IoGetConfigurationInformation
IoWMIRegistrationControl
IoDisconnectInterrupt
KeRemoveQueueDpc
MmUnmapIoSpace
MmMapIoSpace
MmLockPagableDataSection
ExFreePoolWithTag
MmUnlockPagableImageSection
_allmul
IoAcquireCancelSpinLock
KeSynchronizeExecution
IoReleaseCancelSpinLock
IoOpenDeviceRegistryKey
IofCompleteRequest
wmilib.sys
WmiSystemControl
WmiCompleteRequest
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 484B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 384B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGESRP0 Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESER Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ