amdk8.pdb
Static task
static1
General
-
Target
d4d4187ca76964d78f4b2edf94bf45f2_JaffaCakes118
-
Size
35KB
-
MD5
d4d4187ca76964d78f4b2edf94bf45f2
-
SHA1
1bb370017ad5ba398724435ac6623178e2fa024a
-
SHA256
bab5188bed1d36a07ce01f12b6e3f90b4ba13755041d2a7aacaab2331cf79210
-
SHA512
7f81a84c23ecd28028cde3e2e0d9a661f811bf084da661286a57902d49527cafc5caeb43255011e82c732a17b0707b8fe0d5211f8486b60fe305990fa0513332
-
SSDEEP
768:XJXs5y8lxRO71stih7YIbHsyLJbA5rMnt3tHRM7XyQ:Z85y8lxROhgObTLK
Malware Config
Signatures
-
Unsigned PE 1 IoCs
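Checks for missing Authenticode signature. A static check sees only a signature embedded in the file itself; a Windows file signed through a security catalog can also be reported as unsigned, so this result alone does not show whether the driver is trusted.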
resource d4d4187ca76964d78f4b2edf94bf45f2_JaffaCakes118
Files
-
d4d4187ca76964d78f4b2edf94bf45f2_JaffaCakes118.sys windows:5 windows x86 arch:x86
d4cbe6534b15e57dbd8c6f4c3b6c6673
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeTickCount
KeBugCheckEx
KeDelayExecutionThread
ExAllocatePoolWithTag
KeInitializeEvent
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
_vsnwprintf
IofCallDriver
IoBuildDeviceIoControlRequest
strncpy
ZwQueryValueKey
RtlInitUnicodeString
RtlQueryRegistryValues
RtlWriteRegistryValue
wcslen
RtlIntegerToUnicodeString
IoFreeWorkItem
ZwPowerInformation
IoBuildSynchronousFsdRequest
KeQueryActiveProcessors
MmMapIoSpace
RtlEqualUnicodeString
ZwOpenKey
MmUnmapIoSpace
IoQueueWorkItem
IoAllocateWorkItem
PsCreateSystemThread
RtlInitAnsiString
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
IoDetachDevice
IoDeleteDevice
IoAttachDeviceToDeviceStack
PoSetPowerState
IoCreateDevice
ExUnregisterCallback
IofCompleteRequest
KefAcquireSpinLockAtDpcLevel
IoReleaseCancelSpinLock
KeNumberProcessors
ExRegisterCallback
ExCreateCallback
RtlCopyUnicodeString
IoWMIRegistrationControl
swprintf
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
MmLockPagableDataSection
MmUnlockPagableImageSection
ZwClose
ExFreePoolWithTag
ZwSetInformationThread
KeReleaseMutex
KeReadStateEvent
PsTerminateSystemThread
KeSetEvent
KeWaitForSingleObject
KeClearEvent
KeInitializeSpinLock
RtlAnsiStringToUnicodeString
KeInitializeMutex
hal
READ_PORT_UCHAR
KfAcquireSpinLock
KeStallExecutionProcessor
HalSetBusDataByOffset
WRITE_PORT_ULONG
WRITE_PORT_USHORT
READ_PORT_ULONG
READ_PORT_USHORT
KfReleaseSpinLock
KeQueryPerformanceCounter
WRITE_PORT_UCHAR
KeGetCurrentIrql
wmilib.sys
WmiSystemControl
WmiCompleteRequest
WmiFireEvent
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 742B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ