mpsdrv.pdb
Static task
static1
General
Target: b2e221eee320a6c7468dc8865f7b4ea6_JaffaCakes118
Size: 73KB
MD5: b2e221eee320a6c7468dc8865f7b4ea6
SHA1: 90dd881ea72aac3d2a28960668c6dcb820a1c356
SHA256: f20b6dd67a16ed8ff9ca5db8bb4581d32b2f4c11951b20fb798de502db8390e5
SHA512: f8a95516ff81a85f4432d2e49aec0f649000d349ba5038655b2db502a3f9ce4efbbe7688eacdcf140c5a35e9276ac8f41fbb54226f6c60ba62fc910865f052ec
SSDEEP: 1536:2DxvSSSDeCcTsnUybjt11zR8jPOnwrtxJTdY5Z/aeKOuT8AqoujEJRkZS:2DxvSSSDeCR5bjtPaT7NOuT8AYjPZS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b2e221eee320a6c7468dc8865f7b4ea6_JaffaCakes118
Files
b2e221eee320a6c7468dc8865f7b4ea6_JaffaCakes118.sys windows:6 windows x64 arch:x64
33687a08f1729190bbf912b07dd4193b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
MmGetSystemRoutineAddress
RtlAddAccessAllowedAce
IofCompleteRequest
RtlInitializeSid
RtlCompareMemory
IoCreateSymbolicLink
IoCreateDevice
RtlCreateSecurityDescriptor
ObSetSecurityObjectByPointer
ExInitializeNPagedLookasideList
IoDeleteDevice
ExpInterlockedPushEntrySList
KeAcquireInStackQueuedSpinLock
ExpInterlockedPopEntrySList
KeQueryTimeIncrement
ExQueryDepthSList
PsGetCurrentProcessId
IoReleaseCancelSpinLock
KeInitializeSpinLock
ExDeleteNPagedLookasideList
RtlInitUnicodeString
RtlSetDaclSecurityDescriptor
EtwUnregister
RtlCreateAcl
IoWMIWriteEvent
IoDeleteSymbolicLink
IoWMIRegistrationControl
RtlLengthRequiredSid
RtlSubAuthoritySid
EtwWrite
EtwRegister
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExFreePoolWithTag
RtlLengthSid
SeAccessCheck
SeLockSubjectContext
IoGetFileObjectGenericMapping
ZwOpenProcessTokenEx
SeReleaseSubjectContext
SeCaptureSubjectContext
ZwClose
ZwSetInformationThread
ZwDuplicateToken
ZwDuplicateObject
SeUnlockSubjectContext
ZwOpenProcess
KeSetEvent
KeInitializeEvent
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
KeWaitForSingleObject
ObfDereferenceObject
KeWaitForMultipleObjects
SeSetAuditParameter
SeReportSecurityEventWithSubCategory
fwpkclnt.sys
FwpsFlowAssociateContext0
FwpsCalloutUnregisterByKey0
FwpiCalloutRegisterAndAddWithoutDevice0
FwpmEngineOpen0
FwpmEngineClose0
FwpsCalloutRegisterWithoutDevice0
FwpmFilterAdd0
ndis.sys
NdisAdvanceNetBufferListDataStart
NdisGetDataBuffer
NdisRetreatNetBufferListDataStart
Sections
.text Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ