PDB path: d:\proj\nk\0.3.x\out\i386\nkv2.pdb
Static task
static1
General
-
Target
af5597589432b07582bfe3a6f995345f_JaffaCakes118
-
Size
58KB
-
MD5
af5597589432b07582bfe3a6f995345f
-
SHA1
94c94985947b8dea07d86935a0502b1363f6a947
-
SHA256
d801b9285689aae5c6dcc30e63e7076feeb26461dd16ca17d9e0660d81749a3e
-
SHA512
59a725f86b3b511af4d3fab404cd097424a846480e0f08bf7032e57d460c1a667d7c51fd1abd6e23577875c140b1f0524d0f87f207f7584bb8314adf6ebbeb7e
-
SSDEEP
768:ktyTsCDt8HzVdUzp27P6fhhtU1+ezsMt02PpTybuUp3tVEb7axtj9zzc0Hc/q:ktymUzpwCpht+t0LrVu
Malware Config
Signatures
-
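Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the rule matched, so this file (a .sys kernel-mode driver image) carries no embedded signature. Treat this as a weak indicator on its own and weigh it together with the imports listed below.
resource af5597589432b07582bfe3a6f995345f_JaffaCakes118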
Files
-
af5597589432b07582bfe3a6f995345f_JaffaCakes118.sys windows:6 windows x86 arch:x86
52a0acdfeebbe7b69b982b66efce0759
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeTickCount
MmUnmapLockedPages
IoAllocateMdl
MmProbeAndLockPages
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoReleaseCancelSpinLock
RtlAssert
RtlEqualUnicodeString
IofCompleteRequest
ExFreePoolWithTag
ExAllocatePoolWithTag
strstr
RtlUpperString
RtlInitString
ZwQuerySystemInformation
KeInitializeEvent
KeWaitForSingleObject
memset
KeSetEvent
ExfInterlockedInsertTailList
KeCancelTimer
memcpy
KeSetTimer
KeInitializeDpc
KeInitializeTimer
_allmul
KeInsertQueueDpc
ZwClose
ZwDeviceIoControlFile
ZwCreateFile
PsGetVersion
KeSetTimerEx
ExfInterlockedRemoveHeadList
sprintf
KeQuerySystemTime
KeDelayExecutionThread
RtlCompareUnicodeString
MmBuildMdlForNonPagedPool
RtlUnwind
KeBugCheckEx
ObfDereferenceObject
DbgPrint
RtlInitUnicodeString
IoDriverObjectType
ObReferenceObjectByName
hal
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
tdi.sys
TdiRegisterPnPHandlers
TdiDeregisterPnPHandlers
ndis.sys
NdisQueryBufferSafe
NdisAllocatePacket
NdisAllocateBuffer
NDIS_BUFFER_TO_SPAN_PAGES
NdisUnchainBufferAtFront
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisFreeBufferPool
NdisFreePacketPool
NdisDeregisterProtocol
NdisInitUnicodeString
NdisQueryBufferOffset
NdisFreePacket
NdisRegisterProtocol
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 768B - Virtual size: 676B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ