c:\bin\avipbb\i386\avipbb.pdb
Static task: static1
General
Target: b785c4ed83df6959fb05b70c8c3329ce_JaffaCakes118
Size: 131KB
MD5: b785c4ed83df6959fb05b70c8c3329ce
SHA1: f3f97cf03bb122afa4d30b9fba3c9eb136ea1157
SHA256: 4473b332460c4191b7c7a0924112bcf2098e10381563f42a9b5acddef1d36ece
SHA512: bd438628d17aa1f137dc8b33b22ad5d2a5f71722c27ee61ada07bdf7a06ca2237fcdcb23afac463e317d1d185d78fb86d1469f3b8d181220f8af5cfccd893dfb
SSDEEP: 1536:c/3Qt0gPxYcGhbEvJu0opZjOqFON4KwKUNIL6aQnLPZ/aHi+NfY:XlP+hYvJu02tOqFuUNnLPZ/aHij
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b785c4ed83df6959fb05b70c8c3329ce_JaffaCakes118
Files
b785c4ed83df6959fb05b70c8c3329ce_JaffaCakes118.sys windows:6 windows x86 arch:x86
e86460b85f771684969ea82e178ee990
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
memset
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExAllocatePoolWithTag
memcpy
ExFreePoolWithTag
ObfDereferenceObject
PsGetProcessId
RtlCompareUnicodeString
wcsncpy
RtlCopyUnicodeString
ZwClose
ZwReadFile
ZwCreateFile
_strnicmp
RtlInitUnicodeString
KeWaitForSingleObject
KeSetEvent
PsTerminateSystemThread
KeResetEvent
ZwQueryValueKey
ZwOpenKey
ExDeleteNPagedLookasideList
ExDeleteResourceLite
IoDeleteDevice
IoDeleteSymbolicLink
PsRemoveCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
_stricmp
ZwQuerySystemInformation
ObReferenceObjectByHandle
PsCreateSystemThread
PsSetCreateThreadNotifyRoutine
RtlIntegerToUnicodeString
ExInitializeNPagedLookasideList
IoCreateSymbolicLink
IoCreateDevice
KeInitializeMutex
ExInitializeResourceLite
MmGetSystemRoutineAddress
KeClearEvent
InterlockedPopEntrySList
InterlockedPushEntrySList
KeGetCurrentThread
_vsnwprintf
IofCompleteRequest
IoReleaseCancelSpinLock
ZwWriteFile
ZwSetInformationFile
IoThreadToProcess
ZwFreeVirtualMemory
KeNumberProcessors
IoIsSystemThread
_aullrem
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
KeReleaseMutex
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
KeSetTimer
KeInitializeDpc
KeInitializeTimer
ExGetPreviousMode
RtlAppendUnicodeStringToString
PsThreadType
NtClose
ZwAllocateVirtualMemory
RtlMapGenericMask
PsProcessType
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
RtlCompareString
RtlUpcaseUnicodeChar
wcschr
wcsncat
RtlEqualUnicodeString
ObQueryNameString
ObReferenceObjectByPointer
IoFileObjectType
IofCallDriver
IoBuildAsynchronousFsdRequest
ZwQueryInformationFile
IoGetRelatedDeviceObject
ObfReferenceObject
ExEventObjectType
ZwCreateEvent
ExQueueWorkItem
PsIsThreadTerminating
NtBuildNumber
wcsrchr
strncpy
ObReferenceObjectByName
IoDriverObjectType
KeTickCount
KeBugCheckEx
RtlUnwind
RtlGetVersion
IoGetCurrentProcess
PsGetCurrentProcessId
PsGetCurrentThreadId
KeQuerySystemTime
ZwOpenProcess
IoFreeIrp
ProbeForRead
ProbeForWrite
NtQueryInformationProcess
NtOpenProcess
ZwQueryInformationProcess
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeDelayExecutionThread
_allmul
ZwDuplicateObject
ZwQueryObject
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
memmove
_wcsnicmp
KeWaitForMultipleObjects
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeInitializeEvent
hal
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
NONPAGED Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ