d:\工作\ppc压力测试\driver\objfre_wnet_x86\i386\passthru.pdb
General
Target: b5e7673a3297e590ee7831b6cd335ef9_JaffaCakes118
Size: 32KB
MD5: b5e7673a3297e590ee7831b6cd335ef9
SHA1: 09c8b24d549e95f7275d7d27b508cac55cff6cbb
SHA256: 62de46a5795672405d091bca175389fb250f6eb0ac006a78e33f8e34bc566aa3
SHA512: 4bba810e688c2bf67e7e89c70f10b46c9a766756990e4354186a74fe800b25f2bd8e59ee9912736de95fb451d349e3374b1229cf0dd962efc536deca48d5ce38
SSDEEP: 768:TTqph6gN38VCbjosdlw+2ddwmea/nMD8WGh:48VGVe7ws/Y8WG
Malware Config
Signatures
-
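resource: sample, yara_rule: vmprotect
The match is consistent with the .vmp0 and .vmp1 sections listed under Sections. Because the file appears to be packed with VMProtect, the static import list and section contents below may not reflect everything the driver does at run time.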
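Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: b5e7673a3297e590ee7831b6cd335ef9_JaffaCakes118
A missing signature is a triage signal rather than a verdict: many legacy 32-bit drivers are unsigned, so weigh it together with the packer detection above.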
Files
-
b5e7673a3297e590ee7831b6cd335ef9_JaffaCakes118.sys windows:6 windows x86 arch:x86
5eb10a88821836e45f98778bdb40680b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
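PDB Paths
d:\工作\ppc压力测试\driver\objfre_wnet_x86\i386\passthru.pdb
The directory names translate roughly to "work" and "ppc stress test". `objfre_wnet_x86` is the output directory the Windows DDK uses for a free (release) x86 build targeting Windows Server 2003. `passthru` is the name of Microsoft's NDIS intermediate driver sample, and the ndis.sys imports listed below (NdisIMRegisterLayeredMiniport, NdisRegisterProtocol, NdisIMInitializeDeviceInstanceEx) are consistent with a driver built from it, although the report does not confirm this.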
Imports
ntoskrnl.exe
KeBugCheckEx
KeTickCount
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
memcpy
IofCompleteRequest
RtlInitUnicodeString
memset
memmove
MmMapLockedPagesSpecifyCache
IoFreeMdl
hal
KfReleaseSpinLock
KfAcquireSpinLock
ndis.sys
NdisIMDeInitializeDeviceInstance
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisAllocateMemoryWithTag
NdisIMCancelInitializeDeviceInstance
NdisAllocatePacketPoolEx
NdisOpenAdapter
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisGetReceivedPacket
NdisInitializeEvent
NdisFreePacketPool
NdisSetEvent
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisIMGetCurrentPacketStack
NdisRequest
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisReturnPackets
NdisGetPoolFromPacket
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisCancelSendPackets
NdisDprFreePacket
NdisUnchainBufferAtFront
NdisAllocateBuffer
NdisFreeMemory
NdisAllocateMemory
NdisMDeregisterDevice
NdisIMDeregisterLayeredMiniport
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisMRegisterDevice
NdisMSleep
NdisDeregisterProtocol
NdisDprAllocatePacket
NdisIMNotifyPnPEvent
NdisReEnumerateProtocolBindings
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 375B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 1024B - Virtual size: 710B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ