PDB path: c:\driver\driver.pdb
Static task
static1
General
-
Target
b65b61b4f833183b4a4cea322526b271_JaffaCakes118
-
Size
13KB
-
MD5
b65b61b4f833183b4a4cea322526b271
-
SHA1
2fdd6950363d4cc0e7c85f3a6a550bd98723f864
-
SHA256
26bb6dd2e430a9e3719a59412f372b9a8b0e3c28800c8f45086c9104304bc761
-
SHA512
79b54fd5a323ac4c22debc7a78f36025f67d055a004f3f31f75ad8a9bf7f787df1cd6bb215cf7bdb9312b2f5d85e1f620a3f1eade7d53795866d0b24ebaf89c1
-
SSDEEP
384:lDsb3AVc+G0BMPxljrJnEHsyGjeKRYyTO62Xv:RusbM/jdEMy4TN6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
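Checks for a missing Authenticode signature: the file carries no embedded signature. A static check of this kind inspects only the file itself, so a catalog-signed file would also be reported as unsigned; for a kernel-mode driver (.sys) such as this one, confirm the signing status with a signature verification tool on a Windows host before relying on this result.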
resource b65b61b4f833183b4a4cea322526b271_JaffaCakes118
Files
-
b65b61b4f833183b4a4cea322526b271_JaffaCakes118.sys windows:6 windows x86 arch:x86
140d4924009f89965b092e2276173263
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExAllocatePool
RtlCompareUnicodeString
ProbeForRead
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
memcpy
memset
KeReleaseMutex
KeWaitForSingleObject
wcsncpy
IoGetCurrentProcess
KeServiceDescriptorTable
PsLookupProcessByProcessId
swprintf
wcsncat
IofCompleteRequest
NtBuildNumber
KeInitializeMutex
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
wcsncmp
ObOpenObjectByName
wcsstr
KeTickCount
KeBugCheckEx
ExFreePoolWithTag
ZwClose
RtlImageDirectoryEntryToData
RtlUnwind
hal
KfLowerIrql
KfRaiseIrql
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640B - Virtual size: 532B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 916B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 474B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ