disk.pdb
Static task
static1
General
Target: f0791db8cfa2de0b22909af7e0a57605_JaffaCakes118
Size: 35KB
MD5: f0791db8cfa2de0b22909af7e0a57605
SHA1: 63e4626c903b6636188e4fefd220f3336f31cffa
SHA256: bca019658eb10a14a757398b6bd86896f4ddf23d3806b2e975e5fdfea21618f8
SHA512: e2c70cd8b66ac2cef536f065edcd2c910ef6dbcc073c1def94ba94aea8847fa6ad4986182ccac1e5992e671adb443eb34b5ca49376f9a226c5d80193104156a1
SSDEEP: 768:CgeJpBApQnLs/oGMjZYEY/kETW/VbwTCJFgQgkV:CgeJpBAinQAGMjZYpktu+JFgQgkV
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: f0791db8cfa2de0b22909af7e0a57605_JaffaCakes118
Files
f0791db8cfa2de0b22909af7e0a57605_JaffaCakes118.sys windows:5 windows x86 arch:x86
2a7faa69cfee2416e3d62673a51c91e5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoFreeIrp
IoFreeMdl
IoWMIRegistrationControl
ExfInterlockedPopEntryList
KeInitializeSpinLock
ExQueueWorkItem
ExfInterlockedPushEntryList
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwQueryValueKey
RtlUnicodeStringToInteger
IoReadDiskSignature
ZwOpenKey
IoReadPartitionTable
DbgPrint
IoReadPartitionTableEx
IoWritePartitionTableEx
IoSetPartitionInformationEx
IoSetPartitionInformation
IoRegisterBootDriverReinitialization
IoGetConfigurationInformation
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
RtlInitAnsiString
sprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
RtlFreeUnicodeString
IoSetDeviceInterfaceState
KeInitializeMutex
InitSafeBootMode
IoRegisterDeviceInterface
HalExamineMBR
KeTickCount
KeBugCheckEx
_allmul
_allrem
IoAllocateWorkItem
IoQueueWorkItem
IoReportTargetDeviceChangeAsynchronous
IoBuildDeviceIoControlRequest
IoBuildSynchronousFsdRequest
IoInvalidateDeviceRelations
memmove
IoCreateDisk
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoAllocateIrp
IofCallDriver
_allshr
IoFreeWorkItem
KeWaitForSingleObject
KeReleaseMutex
ExAllocatePoolWithTag
KeSetEvent
strncmp
IoSetHardErrorOrVerifyDevice
swprintf
RtlInitUnicodeString
ZwCreateDirectoryObject
IoGetAttachedDeviceReference
ZwMakeTemporaryObject
ZwClose
ExFreePoolWithTag
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeEvent
IoVerifyPartitionTable
ObfDereferenceObject
classpnp.sys
ClassQueryTimeOutRegistryValue
ClassUpdateInformationInRegistry
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassDeleteSrbLookasideList
ClassReadDriveCapacity
ClassSignalCompletion
ClassMarkChildMissing
ClassInitializeSrbLookasideList
ClassNotifyFailurePredicted
ClassSetFailurePredictionPoll
ClassWmiCompleteRequest
ClassInterpretSenseInfo
ClassSpinDownPowerHandler
ClassInitialize
ClassInitializeEx
ClassSendDeviceIoControlSynchronous
ClassAcquireChildLock
ClassReleaseChildLock
ClassDeviceControl
ClassInvalidateBusRelations
ClassSetDeviceParameter
ClassModeSense
ClassFindModePage
ClassAcquireRemoveLockEx
ClassAsynchronousCompletion
ClassSendSrbSynchronous
ClassIoComplete
ClassReleaseRemoveLock
ClassCompleteRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassScanForSpecial
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 384B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 384B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ