volsnap.pdb
Static task
static1
General
Target: ff65c55aeaae0164f6c3a896ab617eed_JaffaCakes118
Size: 52KB
MD5: ff65c55aeaae0164f6c3a896ab617eed
SHA1: d0722ce50c4df39bf71533805928159584a26035
SHA256: 3205fc10e9c0a02d49aebd384eadb88122e6bc2bdae47f6baa1b083b70e5db20
SHA512: 6bc9f211ec59e560401e7a6d1ac34e3cf7c132b2e23e9788e05cedfd1daac8d9ff2098d3982ea5627f18b93613783f0965b319fc80c19b61ed5979d78b68bd36
SSDEEP: 1536:5p+LEeGMQ5L4ue9XrJIK1pktST/S13x5:G/GqrJIK11T/uh5
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource ff65c55aeaae0164f6c3a896ab617eed_JaffaCakes118
Files
ff65c55aeaae0164f6c3a896ab617eed_JaffaCakes118.sys windows:5 windows x86 arch:x86
b18fbdd7a311da57e719bd58d62b220c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeWaitForSingleObject
KeReleaseSemaphore
ObfDereferenceObject
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ExFreePoolWithTag
IoVolumeDeviceToDosName
ExQueueWorkItem
ObfReferenceObject
KeNumberProcessors
IofCompleteRequest
IofCallDriver
RtlAreBitsSet
_allshr
KeSetEvent
KeInitializeEvent
ExAllocatePoolWithTag
ZwFsControlFile
ZwQueryVolumeInformationFile
_allmul
_alldiv
ZwSetInformationFile
ZwClose
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
_except_handler3
ZwUnmapViewOfSection
IoFreeIrp
IoFreeMdl
IoStopTimer
ExAllocatePoolWithTagPriority
PsGetCurrentThread
IoBuildPartialMdl
IoAllocateMdl
IoAllocateIrp
RtlLookupElementGenericTableAvl
ZwMapViewOfSection
ZwCreateSection
IoGetAttachedDeviceReference
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeSetTimer
RtlAppendUnicodeStringToString
RtlCreateSystemVolumeInformationFolder
RtlStringFromGUID
swprintf
RtlInitUnicodeString
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
RtlCreateSecurityDescriptor
ZwOpenFile
RtlSetBit
RtlClearBits
RtlSetBits
RtlQueryRegistryValues
ObReferenceObjectByHandle
RtlFindNextForwardRunClear
RtlInitializeBitMap
KeQuerySystemTime
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAllocatePoolWithQuotaTag
SeReleaseSubjectContext
SeUnlockSubjectContext
SeAccessCheck
IoGetFileObjectGenericMapping
SeLockSubjectContext
SeCaptureSubjectContext
MmLockPagableDataSection
ZwQueryDirectoryFile
IoFreeWorkItem
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
KeCancelTimer
PoCallDriver
PoStartNextPowerIrp
ZwWaitForSingleObject
PsCreateSystemThread
IoInvalidateDeviceRelations
IoQueueWorkItem
IoAllocateWorkItem
IoDetachDevice
IoInitializeTimer
KeInitializeDpc
KeInitializeTimer
IoAttachDeviceToDeviceStack
KeInitializeSpinLock
IoGetDriverObjectExtension
IoCreateDevice
IoStartTimer
RtlFindSetBits
RtlClearAllBits
ZwCreateFile
RtlEnumerateGenericTableAvl
RtlSetAllBits
MmBuildMdlForNonPagedPool
RtlInitializeGenericTableAvl
KeResetEvent
RtlEqualUnicodeString
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
PsSetThreadHardErrorsAreDisabled
PsGetThreadHardErrorsAreDisabled
ZwOpenEvent
RtlInsertElementGenericTableFullAvl
RtlLookupElementGenericTableFullAvl
IoGetDeviceProperty
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoRegisterDriverReinitialization
KeInitializeSemaphore
IoAllocateDriverObjectExtension
KeTickCount
KeBugCheckEx
InterlockedPushEntrySList
IoDeleteDevice
InterlockedPopEntrySList
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text   Size: 2KB   Virtual size: 2KB    Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 896B  Virtual size: 788B   Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 128B  Virtual size: 12B    Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PAGELK  Size: 34KB  Virtual size: 34KB   Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT    Size: 4KB   Virtual size: 4KB    Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
INITc   Size: 7KB   Virtual size: 4KB    Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 2KB   Virtual size: 1KB    Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ