dmio.pdb
Static task
static1
General
- Target: ebc39d66c2338c70f9bcb1eb88b55c4d_JaffaCakes118
- Size: 149KB
- MD5: ebc39d66c2338c70f9bcb1eb88b55c4d
- SHA1: a70836d380d217f5a6f9bb80d1236ec9c47ae67c
- SHA256: db3d6cda156f8e9d9197fef0ca59d8aa3f2fb31a683aeef80ec2949715ecae3b
- SHA512: ece8407d5d999265249dac7adc3f70d10a31c12be828c589e49e95f8b06b586aee95d9ca7c1df3ff90906c03d6c293b02beb249303002f593e564c43609a49e6
- SSDEEP: 3072:lP+1wyyBw0iQM+jCc10YiYtlxpq2jGIKwJkXkzmA5wrH0v0eqD0d:l+12w0TM0il2dKoIkzP58CZ
Malware Config
Signatures
- Unsigned PE 1 IoCs
  Checks for missing Authenticode signature.
  resource ebc39d66c2338c70f9bcb1eb88b55c4d_JaffaCakes118
Files
- ebc39d66c2338c70f9bcb1eb88b55c4d_JaffaCakes118.sys windows:5 windows x86 arch:x86
36d1d1a79a966dff6d007e85983dbf9e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCallDriver
KeGetCurrentThread
KeDelayExecutionThread
IoBuildAsynchronousFsdRequest
ObfReferenceObject
IoAllocateIrp
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
MmGetPhysicalAddress
IoAllocateMdl
_allshr
KeInitializeEvent
KeWaitForSingleObject
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
_except_handler3
MmUnmapLockedPages
IofCompleteRequest
memmove
KeSetEvent
ProbeForRead
ProbeForWrite
KeTickCount
PsCreateSystemThread
KeInitializeSemaphore
FsRtlIsTotalDeviceFailure
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlInitUnicodeString
swprintf
RtlCopyUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
PoCallDriver
PoStartNextPowerIrp
RtlVerifyVersionInfo
VerSetConditionMask
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
RtlFreeUnicodeString
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlInitAnsiString
RtlAppendUnicodeStringToString
RtlStringFromGUID
IoFreeIrp
RtlFreeAnsiString
IoDeleteSymbolicLink
strncmp
RtlUnicodeStringToAnsiString
wcsncmp
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQueryValueKey
ZwOpenKey
IoGetDeviceProperty
RtlCompareMemory
IoWritePartitionTableEx
_allmul
IoReadPartitionTableEx
IoRegisterDriverReinitialization
IoReportDetectedDevice
IoCreateSynchronizationEvent
IoWriteErrorLogEntry
strncpy
IoAllocateErrorLogEntry
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
IoCreateDevice
IoCreateSymbolicLink
ZwCreateDirectoryObject
ZwMakeTemporaryObject
isdigit
PoRequestPowerIrp
PoSetPowerState
IoWMIRegistrationControl
wcslen
KeBugCheckEx
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
IoDeleteDevice
MmUnlockPages
RtlAnsiStringToUnicodeString
IoFreeMdl
IoInvalidateDeviceRelations
KeQuerySystemTime
IoVolumeDeviceToDosName
KeReleaseSemaphore
KeInitializeDpc
KeInitializeTimer
KeSetTimer
PsTerminateSystemThread
_aulldvrm
IoRaiseInformationalHardError
_allrem
_alldiv
_alldvrm
ZwClose
sprintf
hal
ExAcquireFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExReleaseFastMutex
wmilib.sys
WmiSystemControl
WmiCompleteRequest
Sections
.text Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 896B - Virtual size: 820B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ