dmio.pdb
Static task
static1
General
Target: b38bde8c52ab0c434f02a3c6219b1a05_JaffaCakes118
Size: 149KB
MD5: b38bde8c52ab0c434f02a3c6219b1a05
SHA1: 8428b6b251804a7012ba673f2b672926f2feddcc
SHA256: 4d0250ed1ff67e08ba625e8062b6ec62a9cfde2b4ab3447e204bd2a446a0a458
SHA512: b7f3233ccb96097fa25eec7e361f935c68107c3bbf726328d0be1392bbd7675bc8c6f277afb1527edd6f9b828cf5079bf27cb86b95cc67bccc23e149e2cd4ff0
SSDEEP: 3072:aP+1wyyBw0iQM+jCc10YiYtlxpq2jGIKwJkXkzmA5wrH0vneqD0d:e+12w0TM0il2dKoIkzP58Ca
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b38bde8c52ab0c434f02a3c6219b1a05_JaffaCakes118
Files
b38bde8c52ab0c434f02a3c6219b1a05_JaffaCakes118.sys windows:5 windows x86 arch:x86
36d1d1a79a966dff6d007e85983dbf9e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCallDriver
KeGetCurrentThread
KeDelayExecutionThread
IoBuildAsynchronousFsdRequest
ObfReferenceObject
IoAllocateIrp
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
MmGetPhysicalAddress
IoAllocateMdl
_allshr
KeInitializeEvent
KeWaitForSingleObject
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
_except_handler3
MmUnmapLockedPages
IofCompleteRequest
memmove
KeSetEvent
ProbeForRead
ProbeForWrite
KeTickCount
PsCreateSystemThread
KeInitializeSemaphore
FsRtlIsTotalDeviceFailure
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlInitUnicodeString
swprintf
RtlCopyUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
PoCallDriver
PoStartNextPowerIrp
RtlVerifyVersionInfo
VerSetConditionMask
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
RtlFreeUnicodeString
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlInitAnsiString
RtlAppendUnicodeStringToString
RtlStringFromGUID
IoFreeIrp
RtlFreeAnsiString
IoDeleteSymbolicLink
strncmp
RtlUnicodeStringToAnsiString
wcsncmp
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQueryValueKey
ZwOpenKey
IoGetDeviceProperty
RtlCompareMemory
IoWritePartitionTableEx
_allmul
IoReadPartitionTableEx
IoRegisterDriverReinitialization
IoReportDetectedDevice
IoCreateSynchronizationEvent
IoWriteErrorLogEntry
strncpy
IoAllocateErrorLogEntry
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
IoCreateDevice
IoCreateSymbolicLink
ZwCreateDirectoryObject
ZwMakeTemporaryObject
isdigit
PoRequestPowerIrp
PoSetPowerState
IoWMIRegistrationControl
wcslen
KeBugCheckEx
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
IoDeleteDevice
MmUnlockPages
RtlAnsiStringToUnicodeString
IoFreeMdl
IoInvalidateDeviceRelations
KeQuerySystemTime
IoVolumeDeviceToDosName
KeReleaseSemaphore
KeInitializeDpc
KeInitializeTimer
KeSetTimer
PsTerminateSystemThread
_aulldvrm
IoRaiseInformationalHardError
_allrem
_alldiv
_alldvrm
ZwClose
sprintf
hal
ExAcquireFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExReleaseFastMutex
wmilib.sys
WmiSystemControl
WmiCompleteRequest
Sections
.text Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 896B - Virtual size: 820B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ