f:\spyware\spkdll\sysdriver\t\objfre_w2K_x86\i386\RKHit.pdb
Static task: static1
General
Target: b9724926c977468e544a1c66a22add4a_JaffaCakes118
Size: 28KB
MD5: b9724926c977468e544a1c66a22add4a
SHA1: 315e29e30cf3cf541376f153c11539ceed33f396
SHA256: 14259d028d4a7ebaa519cfcf4ebd3aed7e3b920f2c4f129cd3fab42521d20e7a
SHA512: 4438b3d168e3c794085da544f754dae60070e1890fba42c1c62debdb653009cd30df35b2fcde9b65e2390e1dcd990654c91b9de84c477582cc17d3218be3c560
SSDEEP: 768:P/MSsk0Dp9Ur2kSjjqbTdmA3gCTXem8Bie:XXuvs2kSjjqbTdxQCN8BD
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: b9724926c977468e544a1c66a22add4a_JaffaCakes118
Files
b9724926c977468e544a1c66a22add4a_JaffaCakes118.sys (windows:5, windows x86, arch:x86)
0470a889477af954936480d24137207f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
f:\spyware\spkdll\sysdriver\t\objfre_w2K_x86\i386\RKHit.pdb
Imports
ntoskrnl.exe
_except_handler3
MmUnlockPages
ObfDereferenceObject
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
MmIsAddressValid
KeInitializeSpinLock
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
ExFreePool
_stricmp
strrchr
ExAllocatePoolWithTag
ZwQuerySystemInformation
IoFileObjectType
ZwClose
ObReferenceObjectByHandle
ZwOpenKey
PsProcessType
IoDeviceObjectType
MmSectionObjectType
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlImageDirectoryEntryToData
NtBuildNumber
wcscpy
ProbeForRead
IoGetCurrentProcess
RtlAppendUnicodeStringToString
RtlVolumeDeviceToDosName
IoCreateFile
KeGetCurrentThread
KeServiceDescriptorTable
ObQueryNameString
ObReferenceObjectByPointer
ZwQueryInformationProcess
ObOpenObjectByPointer
PsGetVersion
IoAllocateMdl
ObfReferenceObject
PsLookupThreadByThreadId
IoThreadToProcess
NtGlobalFlag
PsThreadType
IofCallDriver
ZwOpenDirectoryObject
MmGetVirtualForPhysical
MmGetPhysicalAddress
MmSystemRangeStart
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
MmBuildMdlForNonPagedPool
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
KeInitializeEvent
IoGetDeviceObjectPointer
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
swprintf
IoGetConfigurationInformation
ZwTerminateProcess
PsGetCurrentProcessId
KeInsertQueueApc
KeInitializeApc
KeClearEvent
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
wcsstr
_wcsupr
IoCreateSynchronizationEvent
MmGetSystemRoutineAddress
ZwOpenEvent
IoDeleteDevice
RtlInitAnsiString
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUserProbeAddress
IoFreeMdl
hal
KfAcquireSpinLock
KfReleaseSpinLock
KeStallExecutionProcessor
Sections
.text: Size 18KB, Virtual size 18KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 768B, Virtual size 756B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 4KB, Virtual size 4KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
INIT: Size 2KB, Virtual size 2KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc: Size 1KB, Virtual size 1KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ