d:\adev\agent_master\agent\filespy\driver\objfre_wnet_amd64\amd64\CaptureFileMonitor64.pdb
Static task
static1
General
Target
e27d3f53c0bed53ae33a65148076a0b7_JaffaCakes118
Size
59KB
MD5
e27d3f53c0bed53ae33a65148076a0b7
SHA1
011ea8a834adf126b9d70cf4efd48e1a6d92c2a5
SHA256
954e364709c70ab9d3d505c4c1e1b40ab18d35a55d0b1f2ca355bfeacc495a25
SHA512
da1ea216a1b5f94da899b9784466c25b1dfea9e8cded89f3a87cfd33345d9c9befdd5f300a5a33eaa67329776986df9765c7a38fc61493e6984ed86f0d2d5825
SSDEEP
768:wGo7QeIBE6WT4flBPu9F183I4paqLj9E3x1ZRgFdjmn42dPRht/Q6V+1Byoa/4OQ:whQvvG16N103Zodj8htJ01Wy5ripEnb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource e27d3f53c0bed53ae33a65148076a0b7_JaffaCakes118
Files
e27d3f53c0bed53ae33a65148076a0b7_JaffaCakes118.sys windows:6 windows x64 arch:x64
717f92c7d8616fdf60811da16074fa1f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
RtlEqualSid
KeAcquireInStackQueuedSpinLock
RtlLengthSid
KeReleaseInStackQueuedSpinLock
KeAcquireSpinLockRaiseToDpc
KeBugCheckEx
ObfDereferenceObject
FsRtlDissectName
RtlAppendUnicodeStringToString
IoVolumeDeviceToDosName
RtlAppendUnicodeToString
DbgPrint
IoIsSystemThread
ExInitializeResourceLite
ExDeleteResourceLite
ExInterlockedRemoveHeadList
SeQueryInformationToken
ExReleaseResourceLite
ExInterlockedInsertTailList
ExInterlockedInsertHeadList
ExSystemTimeToLocalTime
MmMapLockedPagesSpecifyCache
RtlFreeUnicodeString
FsRtlIsPagingFile
KeEnterCriticalRegion
FsRtlIsNameInExpression
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlTimeToSecondsSince1970
KeLeaveCriticalRegion
RtlUpcaseUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
_strnicmp
ExAcquireResourceExclusiveLite
KeReleaseSpinLock
_stricmp
__C_specific_handler
fltmgr.sys
FltReleaseFileNameInformation
FltGetFileNameInformation
FltGetDiskDeviceObject
FltGetDestinationFileNameInformation
FltFreePoolAlignedWithTag
FltStartFiltering
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltDecodeParameters
FltCloseCommunicationPort
FltUnregisterFilter
FltAllocateContext
FltReleaseContext
FltQueryInformationFile
FltIsDirectory
FltFreeSecurityDescriptor
FltGetVolumeFromInstance
FltGetVolumeProperties
FltReadFile
FltSetInformationFile
FltCreateCommunicationPort
FltAllocatePoolAlignedWithTag
FltCloseClientPort
FltGetRequestorProcessId
FltSetStreamHandleContext
FltSendMessage
FltGetStreamHandleContext
FltObjectDereference
FltGetRequestorProcess
FltParseFileNameInformation
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ