F:\WINDDK\3790\hider\bin\i386\driver.pdb
Static task
static1
General
-
Target
bff397c29fabf4038ca602cf7157be0c_JaffaCakes118
-
Size
19KB
-
MD5
bff397c29fabf4038ca602cf7157be0c
-
SHA1
aee7c7dadaec3f762b9a7a622414069a8e0187dd
-
SHA256
7a69fc95ed5f1113be8704009a6d1d01944b626de6d4bca156e4b0a11cd061cd
-
SHA512
70bc9bd81ca6edf7960d37c75ee97a700eacbab2a412c9e57d5558fc583dbed08c0271de2d54a1de8d31dc3e5b3cc6b4a02c56bf33dd0720f1c59e6caccab5fa
-
SSDEEP
384:tZLZTGwF0YN0uPTwPGTNSl/BGzTfmtIwOhDmEi4hzwlOrzLg4G:QwF7FT0qE+dsNp
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the sample has no embedded code-signing signature.
resource bff397c29fabf4038ca602cf7157be0c_JaffaCakes118
Files
-
bff397c29fabf4038ca602cf7157be0c_JaffaCakes118.sys windows:5 windows x86 arch:x86
f6130d16c1d7d2851ac5d1fd5d744775
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeReleaseMutex
KeWaitForSingleObject
PsGetCurrentProcessId
MmHighestUserAddress
KeGetPreviousMode
KeInitializeMutex
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ObfDereferenceObject
mbstowcs
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
KeInitializeSpinLock
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ExFreePool
wcsstr
_wcslwr
_wcsnicmp
ZwQuerySystemInformation
strncmp
IoGetCurrentProcess
strncpy
MmUnmapLockedPages
ZwClose
ZwOpenKey
wcsncpy
MmMapLockedPages
wcscpy
_wcsicmp
KeServiceDescriptorTable
_stricmp
strchr
ZwQueryInformationProcess
RtlQueryRegistryValues
PsGetVersion
KeNumberProcessors
DbgPrint
KeGetCurrentThread
IoFreeMdl
KeInsertQueueApc
KeInitializeApc
KeUnstackDetachProcess
ObReferenceObjectByHandle
ExEventObjectType
NtCreateEvent
MmMapLockedPagesSpecifyCache
KeStackAttachProcess
MmProbeAndLockPages
IoAllocateMdl
ObfReferenceObject
towupper
InterlockedIncrement
IofCallDriver
InterlockedDecrement
ExfInterlockedRemoveHeadList
InterlockedExchange
ExfInterlockedInsertTailList
RtlCompareMemory
IoGetRelatedDeviceObject
ZwCreateFile
IofCompleteRequest
IoDeleteSymbolicLink
IoDeleteDevice
KeDelayExecutionThread
MmBuildMdlForNonPagedPool
_except_handler3
hal
KfAcquireSpinLock
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
KfLowerIrql
KeRaiseIrqlToSynchLevel
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 768B - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ