ndis.pdb
Static task
static1
General
Target: b275166615478c36fdf2529d9526567b_JaffaCakes118
Size: 253KB
MD5: b275166615478c36fdf2529d9526567b
SHA1: 3e2692249d25620528272976cb3aa89a123b67fe
SHA256: fead9d72b8ecc115084fd47b514ed85ee592a7b115b018079c4f63fbb185c6e6
SHA512: 5ebbb830f35eb6e81e91498f8721c6d57628a9cbd9e28ab6e959c406b848d6da864b2d6345ec547155d6a774ddef606e09c2cb83646e15ec534de7d4ae859415
SSDEEP: 6144:BaD7OGYZ9wU8leWt4IyKlWps1bElovBzrxQ1NZng:Hn8lB4IhbE6VrCZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b275166615478c36fdf2529d9526567b_JaffaCakes118
Files
b275166615478c36fdf2529d9526567b_JaffaCakes118.sys windows:5 windows x86 arch:x86
b17c8505565501a85c1977538db79916
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExNotifyCallback
RtlImageDirectoryEntryToData
KeInitializeEvent
KeReleaseMutex
KeWaitForSingleObject
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IofCompleteRequest
KeInitializeMutex
ZwPowerInformation
ExRegisterCallback
DbgPrint
ExCreateCallback
KeQuerySystemTime
KeInitializeQueue
ExInitializeResourceLite
KeQueryTimeIncrement
KeInitializeSpinLock
IoCreateSymbolicLink
IoCreateDevice
KeNumberProcessors
RtlWriteRegistryValue
ZwClose
ZwOpenKey
IoOpenDeviceRegistryKey
RtlCharToInteger
ZwEnumerateKey
RtlUnicodeStringToInteger
RtlEqualUnicodeString
RtlAppendUnicodeToString
IoGetDeviceProperty
IoSetDeviceInterfaceState
_alldiv
IoInvalidateDeviceState
MmUnlockPagableImageSection
MmLockPagableDataSection
MmLockPagableSectionByHandle
MmAllocateContiguousMemory
MmAllocateNonCachedMemory
MmFreeContiguousMemory
MmFreeNonCachedMemory
KeTickCount
InterlockedPushEntrySList
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoBuildPartialMdl
MmMapLockedPages
MmMapIoSpace
MmUnmapIoSpace
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
RtlExtendedIntegerMultiply
ExGetCurrentProcessorCpuUsage
ExGetCurrentProcessorCounts
KeResetEvent
_allmul
MmMapLockedPagesSpecifyCache
InterlockedPopEntrySList
RtlGetCallersAddress
ObfDereferenceObject
RtlFreeUnicodeString
IoUnregisterShutdownNotification
IoGetDriverObjectExtension
KeSetTimerEx
KeSetTimer
KeInitializeTimerEx
KeBugCheckEx
IoWMIRegistrationControl
KeInsertQueue
IoWMIWriteEvent
ExfInterlockedInsertHeadList
memmove
DbgBreakPoint
IoFreeMdl
RtlAnsiStringToUnicodeString
ExfInterlockedAddUlong
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
ExfInterlockedPushEntryList
ExfInterlockedPopEntryList
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeInsertQueueDpc
IoDeleteSymbolicLink
IoRegisterDeviceInterface
KeInitializeDpc
KeSetImportanceDpc
KeInitializeTimer
KeCancelTimer
IoDeleteDevice
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
IoGetDmaAdapter
KeRegisterBugCheckCallback
KeDeregisterBugCheckCallback
IofCallDriver
IoBuildSynchronousFsdRequest
IoCancelIrp
KeGetRecommendedSharedDataAlignment
ExDeleteNPagedLookasideList
IoDetachDevice
IoAttachDeviceToDeviceStack
MmIsDriverVerifying
IoAllocateDriverObjectExtension
IoFreeIrp
IoAllocateIrp
KeSynchronizeExecution
IoConnectInterrupt
KeSetTargetProcessorDpc
IoDisconnectInterrupt
ZwLoadDriver
PoRequestPowerIrp
PoStartNextPowerIrp
PoCallDriver
PoSetPowerState
SeSinglePrivilegeCheck
RtlInitAnsiString
MmAddVerifierThunks
MmIsVerifierEnabled
ExAllocatePoolWithTagPriority
ExInitializeNPagedLookasideList
RtlGetAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlInitializeSid
ExAllocatePool
RtlLengthRequiredSid
RtlMapGenericMask
IoGetFileObjectGenericMapping
ObReleaseObjectSecurity
ObSetSecurityObjectByPointer
RtlSetDaclSecurityDescriptor
RtlSelfRelativeToAbsoluteSD
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
ObGetObjectSecurity
_except_handler3
KeSetEvent
RtlQueryRegistryValues
RtlInitUnicodeString
RtlUpcaseUnicodeString
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
PsGetCurrentThread
ObfReferenceObject
KeRemoveQueue
PsCreateSystemThread
NtClose
ExQueueWorkItem
ExAllocatePoolWithTag
ExInterlockedAddLargeInteger
ExFreePoolWithTag
hal
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KeStallExecutionProcessor
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
HalTranslateBusAddress
KfAcquireSpinLock
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
Exports
ArcFilterDprIndicateReceive
ArcFilterDprIndicateReceiveComplete
EthFilterDprIndicateReceive
EthFilterDprIndicateReceiveComplete
FddiFilterDprIndicateReceive
FddiFilterDprIndicateReceiveComplete
NDIS_BUFFER_TO_SPAN_PAGES
NdisAcquireReadWriteLock
NdisAcquireSpinLock
NdisAdjustBufferLength
NdisAllocateBuffer
NdisAllocateBufferPool
NdisAllocateFromBlockPool
NdisAllocateMemory
NdisAllocateMemoryWithTag
NdisAllocatePacket
NdisAllocatePacketPool
NdisAllocatePacketPoolEx
NdisAllocateSpinLock
NdisAnsiStringToUnicodeString
NdisBufferLength
NdisBufferVirtualAddress
NdisCancelSendPackets
NdisCancelTimer
NdisClAddParty
NdisClCloseAddressFamily
NdisClCloseCall
NdisClDeregisterSap
NdisClDropParty
NdisClGetProtocolVcContextFromTapiCallId
NdisClIncomingCallComplete
NdisClMakeCall
NdisClModifyCallQoS
NdisClOpenAddressFamily
NdisClRegisterSap
NdisCloseAdapter
NdisCloseConfiguration
NdisCloseFile
NdisCmActivateVc
NdisCmAddPartyComplete
NdisCmCloseAddressFamilyComplete
NdisCmCloseCallComplete
NdisCmDeactivateVc
NdisCmDeregisterSapComplete
NdisCmDispatchCallConnected
NdisCmDispatchIncomingCall
NdisCmDispatchIncomingCallQoSChange
NdisCmDispatchIncomingCloseCall
NdisCmDispatchIncomingDropParty
NdisCmDropPartyComplete
NdisCmMakeCallComplete
NdisCmModifyCallQoSComplete
NdisCmOpenAddressFamilyComplete
NdisCmRegisterAddressFamily
NdisCmRegisterSapComplete
NdisCoAssignInstanceName
NdisCoCreateVc
NdisCoDeleteVc
NdisCoGetTapiCallId
NdisCoRequest
NdisCoRequestComplete
NdisCoSendPackets
NdisCompareAnsiString
NdisCompareUnicodeString
NdisCompleteBindAdapter
NdisCompleteDmaTransfer
NdisCompletePnPEvent
NdisCompleteUnbindAdapter
NdisConvertStringToAtmAddress
NdisCopyBuffer
NdisCopyFromPacketToPacket
NdisCopyFromPacketToPacketSafe
NdisCreateBlockPool
NdisDeregisterProtocol
NdisDestroyBlockPool
NdisDprAcquireSpinLock
NdisDprAllocatePacket
NdisDprAllocatePacketNonInterlocked
NdisDprFreePacket
NdisDprFreePacketNonInterlocked
NdisDprReleaseSpinLock
NdisEqualString
NdisFreeBuffer
NdisFreeBufferPool
NdisFreeMemory
NdisFreePacket
NdisFreePacketPool
NdisFreeSpinLock
NdisFreeToBlockPool
NdisGeneratePartialCancelId
NdisGetBufferPhysicalArraySize
NdisGetCurrentProcessorCounts
NdisGetCurrentProcessorCpuUsage
NdisGetCurrentSystemTime
NdisGetDriverHandle
NdisGetFirstBufferFromPacket
NdisGetFirstBufferFromPacketSafe
NdisGetPacketCancelId
NdisGetPoolFromPacket
NdisGetReceivedPacket
NdisGetRoutineAddress
NdisGetSharedDataAlignment
NdisGetSystemUpTime
NdisGetVersion
NdisIMAssociateMiniport
NdisIMCancelInitializeDeviceInstance
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisIMDeInitializeDeviceInstance
NdisIMDeregisterLayeredMiniport
NdisIMGetBindingContext
NdisIMGetCurrentPacketStack
NdisIMGetDeviceContext
NdisIMInitializeDeviceInstance
NdisIMInitializeDeviceInstanceEx
NdisIMNotifyPnPEvent
NdisIMQueueMiniportCallback
NdisIMRegisterLayeredMiniport
NdisIMRevertBack
NdisIMSwitchToMiniport
NdisImmediateReadPciSlotInformation
NdisImmediateReadPortUchar
NdisImmediateReadPortUlong
NdisImmediateReadPortUshort
NdisImmediateReadSharedMemory
NdisImmediateWritePciSlotInformation
NdisImmediateWritePortUchar
NdisImmediateWritePortUlong
NdisImmediateWritePortUshort
NdisImmediateWriteSharedMemory
NdisInitAnsiString
NdisInitUnicodeString
NdisInitializeEvent
NdisInitializeReadWriteLock
NdisInitializeString
NdisInitializeTimer
NdisInitializeWrapper
NdisInterlockedAddLargeInterger
NdisInterlockedAddUlong
NdisInterlockedDecrement
NdisInterlockedIncrement
NdisInterlockedInsertHeadList
NdisInterlockedInsertTailList
NdisInterlockedPopEntryList
NdisInterlockedPushEntryList
NdisInterlockedRemoveHeadList
NdisMAllocateMapRegisters
NdisMAllocateSharedMemory
NdisMAllocateSharedMemoryAsync
NdisMCancelTimer
NdisMCloseLog
NdisMCmActivateVc
NdisMCmCreateVc
NdisMCmDeactivateVc
NdisMCmDeleteVc
NdisMCmRegisterAddressFamily
NdisMCmRequest
NdisMCoActivateVcComplete
NdisMCoDeactivateVcComplete
NdisMCoIndicateReceivePacket
NdisMCoIndicateStatus
NdisMCoReceiveComplete
NdisMCoRequestComplete
NdisMCoSendComplete
NdisMCompleteBufferPhysicalMapping
NdisMCreateLog
NdisMDeregisterAdapterShutdownHandler
NdisMDeregisterDevice
NdisMDeregisterDmaChannel
NdisMDeregisterInterrupt
NdisMDeregisterIoPortRange
NdisMFlushLog
NdisMFreeMapRegisters
NdisMFreeSharedMemory
NdisMGetDeviceProperty
NdisMGetDmaAlignment
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMInitializeScatterGatherDma
NdisMInitializeTimer
NdisMMapIoSpace
NdisMPciAssignResources
NdisMPromoteMiniport
NdisMQueryAdapterInstanceName
NdisMQueryAdapterResources
NdisMQueryInformationComplete
NdisMReadDmaCounter
NdisMRegisterAdapterShutdownHandler
NdisMRegisterDevice
NdisMRegisterDmaChannel
NdisMRegisterInterrupt
NdisMRegisterIoPortRange
NdisMRegisterMiniport
NdisMRegisterUnloadHandler
NdisMRemoveMiniport
NdisMResetComplete
NdisMSendComplete
NdisMSendResourcesAvailable
NdisMSetAttributes
NdisMSetAttributesEx
NdisMSetInformationComplete
NdisMSetMiniportSecondary
NdisMSetPeriodicTimer
NdisMSetTimer
NdisMSleep
NdisMStartBufferPhysicalMapping
NdisMSynchronizeWithInterrupt
NdisMTransferDataComplete
NdisMUnmapIoSpace
NdisMWanIndicateReceive
NdisMWanIndicateReceiveComplete
NdisMWanSendComplete
NdisMWriteLogData
NdisMapFile
NdisMatchPdoWithPacket
NdisOpenAdapter
NdisOpenConfiguration
NdisOpenConfigurationKeyByIndex
NdisOpenConfigurationKeyByName
NdisOpenFile
NdisOpenProtocolConfiguration
NdisOverrideBusNumber
NdisPacketPoolUsage
NdisPacketSize
NdisQueryAdapterInstanceName
NdisQueryBindInstanceName
NdisQueryBuffer
NdisQueryBufferOffset
NdisQueryBufferSafe
NdisQueryMapRegisterCount
NdisQueryPendingIOCount
NdisReEnumerateProtocolBindings
NdisReadConfiguration
NdisReadEisaSlotInformation
NdisReadEisaSlotInformationEx
NdisReadMcaPosInformation
NdisReadNetworkAddress
NdisReadPciSlotInformation
NdisReadPcmciaAttributeMemory
NdisRegisterProtocol
NdisRegisterTdiCallBack
NdisReleaseReadWriteLock
NdisReleaseSpinLock
NdisRequest
NdisReset
NdisResetEvent
NdisReturnPackets
NdisScheduleWorkItem
NdisSend
NdisSendPackets
NdisSetEvent
NdisSetPacketCancelId
NdisSetPacketPoolProtocolId
NdisSetPacketStatus
NdisSetProtocolFilter
NdisSetTimer
NdisSetTimerEx
NdisSetupDmaTransfer
NdisSystemProcessorCount
NdisTerminateWrapper
NdisTransferData
NdisUnchainBufferAtBack
NdisUnchainBufferAtFront
NdisUnicodeStringToAnsiString
NdisUnmapFile
NdisUpcaseUnicodeString
NdisUpdateSharedMemory
NdisWaitEvent
NdisWriteConfiguration
NdisWriteErrorLogEntry
NdisWriteEventLogEntry
NdisWritePciSlotInformation
NdisWritePcmciaAttributeMemory
TrFilterDprIndicateReceive
TrFilterDprIndicateReceiveComplete
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGENPNP Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGENDSP Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGENDSM Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGENDCO Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGENDSF Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGENDSE Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGENDST Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGENDSA Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE