x:\code-n~1\releases\releas~2\objsp\i386\drvspector.pdb
Static task: static1
General
Target: b1818800127a18b259d6b5b6383de708_JaffaCakes118
Size: 46KB
MD5: b1818800127a18b259d6b5b6383de708
SHA1: 19457836f8454dfcdc4e63739ee73801a23b3072
SHA256: 8b9d2d2bf7b97029bc5da033534742a0bf0a33bb0deaddf5fdce9d0fa60263b9
SHA512: 951e538e1c81ee024914bc9a4992834a263433090008e644919a7d90cdbea475aacbb0a1c21214da20af929e603a0d381981e166a79b17a89e4a0c31c851b52e
SSDEEP: 768:rF5KRZjvH7uQ5fMlUBkgTE4Fp5W4vprJHHVFT/0BJ9w7hV:fG5yQ50l7a5W4vprVDoahV
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource b1818800127a18b259d6b5b6383de708_JaffaCakes118
Files
b1818800127a18b259d6b5b6383de708_JaffaCakes118.sys windows:6 windows x86 arch:x86
b0cd458062fc161375295080f6a3cf1e
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExQueueWorkItem
IoAttachDeviceToDeviceStack
KeDelayExecutionThread
ObfDereferenceObject
ObfReferenceObject
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQueryValueKey
ZwClose
ZwOpenKey
RtlFreeAnsiString
strrchr
RtlUnicodeStringToAnsiString
memset
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
ObQueryNameString
_wcsicmp
_wcslwr
strchr
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ExAllocatePool
RtlLengthSid
KeInsertQueueApc
KeSetEvent
PsLookupThreadByThreadId
KeGetCurrentThread
PsGetCurrentThreadId
strncmp
PsLookupProcessByProcessId
ZwQueryInformationProcess
ZwOpenProcess
PsGetCurrentProcessId
ZwAllocateVirtualMemory
RtlInitString
memcpy
IofCompleteRequest
IoDeleteDevice
IoDetachDevice
ObReferenceObjectByHandle
ExEventObjectType
IoQueueWorkItem
IoAllocateWorkItem
IoCreateDevice
wcsstr
RtlCompareUnicodeString
IoGetDeviceObjectPointer
IoRegisterFsRegistrationChange
_stricmp
DbgPrint
PsSetLoadImageNotifyRoutine
PsSetCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
ExInitializePagedLookasideList
IoCreateSymbolicLink
InitSafeBootMode
ZwQuerySystemInformation
KeTickCount
KeBugCheckEx
RtlUnwind
IofCallDriver
PsGetVersion
RtlInitUnicodeString
MmGetSystemRoutineAddress
KeInitializeApc
KeInitializeEvent
IoFreeIrp
RtlVolumeDeviceToDosName
RtlCopyUnicodeString
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
IoAllocateIrp
RtlAppendUnicodeStringToString
IoGetTopLevelIrp
RtlAppendUnicodeToString
RtlAnsiCharToUnicodeChar
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
wcschr
RtlAbsoluteToSelfRelativeSD
ZwCreateKey
ZwSetValueKey
hal
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
Sections
.text Size: 17KB - Virtual size: 16KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PAGE Size: 13KB - Virtual size: 12KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT Size: 6KB - Virtual size: 6KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 784B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ