d:\installbuild\ess_3_0_600\build\apps\work\src\apps\asdriver\easdrv\objfre_wlh_x86\i386\easdrv.pdb
General
Target
b3767d26fea27b4949040192930979a0_JaffaCakes118
Size
52KB
MD5
b3767d26fea27b4949040192930979a0
SHA1
c13fda6a48b474b00b376b9f58f2421319e64ae4
SHA256
2f8ae486e54f808d240df0bcb5f781c9b622ede06e6dc0746cde941a96ac1ea6
SHA512
0eb7fa5d575fee34cc4c1012e2995d0c0b0226a05d720a8214865709b60aaa41a9533dde9b4e5cfd632b1fe88e10d0261ea82cd42157604c793f1ee7f0e16201
SSDEEP
768:rYhz4LPavktLRf6pLR63PlMuMtdSS1CsXr+ek33fLhbimWu:favA8P69MLOuMv1hz
Malware Config
Signatures
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature.
resource b3767d26fea27b4949040192930979a0_JaffaCakes118
Files
b3767d26fea27b4949040192930979a0_JaffaCakes118.sys windows:6 windows x86 arch:x86
4c8416ace747317498b4da1fb89d53c9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ProbeForWrite
KeSetEvent
PsGetCurrentThreadId
_wcsnicmp
memset
qsort
memmove
wcschr
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strrchr
_stricmp
ZwQuerySystemInformation
ZwClose
ZwReadFile
ZwCreateFile
IoDeleteDevice
PsSetCreateProcessNotifyRoutine
IoDeleteSymbolicLink
IofCompleteRequest
ObReferenceObjectByHandle
ExEventObjectType
PsSetLoadImageNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
MmGetSystemRoutineAddress
NtSetSecurityObject
ObOpenObjectByPointer
RtlValidSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
SeExports
RtlCreateAcl
wcsncpy
_vsnprintf
memcpy
_strnicmp
_allmul
_aulldiv
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
RtlVolumeDeviceToDosName
ZwQueryDirectoryFile
ZwOpenFile
wcsncmp
ZwOpenKey
ZwQueryValueKey
KeWaitForSingleObject
ZwSetInformationFile
KeDelayExecutionThread
ZwWriteFile
ZwQueryInformationFile
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
IoGetRelatedDeviceObject
RtlCompareUnicodeString
KeTickCount
KeBugCheckEx
RtlUnwind
ExAllocatePoolWithTag
ObfDereferenceObject
ExFreePoolWithTag
hal
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 788B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ