discache.pdb
Static task
static1
General
Target: f6b26ea36e1c97211e284d2a83d49445_JaffaCakes118
Size: 31KB
MD5: f6b26ea36e1c97211e284d2a83d49445
SHA1: 7e29fd5608ca8daeb6ae9e7c0d800fa7af5faeed
SHA256: 471aed0fe3ce06f371e8404e8dd3b5f952ff60349264a5fe1c0f72a12fc2387f
SHA512: 5055c81863dc9efca28c0fb068d090bf5349afbad2bc34f5734398b656bac0e11a5991f7efb1d7a0fb3475dbb312e0e0f1684ac4f74f143f2913580ebd8e8f84
SSDEEP: 768:fjQHoFyBSZP/MEs2Hyd3z9gYHdVnS4TB3qAQ:fUHoFyBkP/MX2Hm9gcK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f6b26ea36e1c97211e284d2a83d49445_JaffaCakes118
Files
f6b26ea36e1c97211e284d2a83d49445_JaffaCakes118.sys windows:6 windows x86 arch:x86
55f0097fe98208838a8af6d692c8fe4f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExAcquireRundownProtection
ZwQueryValueKey
ZwClose
RtlInitUnicodeString
ZwOpenKey
memcpy
ZwQueryInformationFile
ExFreePoolWithTag
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlInitializeSid
ExAllocatePoolWithTag
RtlLengthRequiredSid
memset
SeReleaseSubjectContext
SeAccessCheck
IoGetFileObjectGenericMapping
ExGetPreviousMode
SeCaptureSubjectContext
ObReferenceObjectByHandle
ObfDereferenceObject
KeWaitForSingleObject
ZwOpenEvent
RtlCreateSystemVolumeInformationFolder
RtlAppendUnicodeToString
ExQueueWorkItem
IoGetBaseFileSystemDeviceObject
ObOpenObjectByPointer
IoFileObjectType
ObIsKernelHandle
ExInitializeRundownProtection
ExRegisterAttributeInformationCallback
ExWaitForRundownProtectionRelease
RtlFreeUnicodeString
ExUnregisterAttributeInformationCallback
ExfAcquirePushLockExclusive
ExfTryToWakePushLock
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExfAcquirePushLockShared
ExfReleasePushLockShared
RtlCreateHashTable
RtlDeleteHashTable
RtlEndEnumerationHashTable
RtlEnumerateEntryHashTable
RtlInitEnumerationHashTable
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
RtlRemoveEntryHashTable
RtlInsertEntryHashTable
KeTickCount
KeBugCheckEx
RtlUnwind
RtlCopyUnicodeString
ExReleaseRundownProtection
ZwSetValueKey
ZwEnumerateKey
ZwQueryKey
ZwDeleteKey
KeSetTimer
_vsnwprintf
ZwCreateKey
ZwDuplicateObject
KeInitializeDpc
KeInitializeTimer
KeCancelTimer
ZwEnumerateValueKey
ZwDeleteValueKey
RtlInt64ToUnicodeString
RtlAppendUnicodeStringToString
RtlStringFromGUID
ExUuidCreate
ZwUnloadKey
ZwSetSecurityObject
ZwDeleteFile
ZwLoadKeyEx
ZwFsControlFile
RtlGUIDFromString
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
ZwOpenFile
ObQueryNameString
cng.sys
AppHashComputeFileAttributes
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ