E:\木马\DMTOOLS源代码\DrvProject\objfre\i386\HideDriver.pdb
Static task
static1
General
Target
f0bca171d2aa8030a52d3646b52410bb_JaffaCakes118
Size
9KB
MD5
f0bca171d2aa8030a52d3646b52410bb
SHA1
342f106e033cfdc965fd4a93cf47321d5cb79c06
SHA256
7485963e69648536702926752aabaf6b9ecbc4578e02d8c35be48c09a970beda
SHA512
288029653f018c4bfd04f8aa7c8f07f95dcad13169314aec6b063ff924750162dd89dbb07b6b1240caf22d2bb022d66fcc48d987ef835e741def630663963424
SSDEEP
96:dFRBlyGVMSxd57kE+lTZUgAISllebxr7J7swMfEwSi4OhgATAnN6fz0xPfIkl/6w:fdyGd+19AIqC/71MikgAmNBdix0oQf
Malware Config
Signatures
Unsigned PE 1 IoCs
The sample carries no Authenticode signature: it is an unsigned 32-bit (x86) kernel-mode driver (.sys), so it could only be loaded where driver signature enforcement is absent or disabled.
resource f0bca171d2aa8030a52d3646b52410bb_JaffaCakes118
Files
f0bca171d2aa8030a52d3646b52410bb_JaffaCakes118.sys windows:5 windows x86 arch:x86
3fa34a8191be073db40824e56e6eb78e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ZwQueryDirectoryFile
ExFreePoolWithTag
ZwQueryObject
ExAllocatePoolWithTag
strchr
strstr
RtlFreeAnsiString
RtlUpperString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
ZwDeviceIoControlFile
DbgPrint
ZwEnumerateValueKey
ZwEnumerateKey
RtlCompareUnicodeString
KeGetPreviousMode
IoGetCurrentProcess
strncpy
ProbeForWrite
_strupr
KeEnterCriticalRegion
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
KeLeaveCriticalRegion
_except_handler3
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 373B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 682B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 518B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ