c:\data\objfre_wlh_amd64\amd64\3GDatausbser64.pdb
Static task
static1
General
Target: ffdcb4f37374c7b4b26cacf838b26c56_JaffaCakes118
Size: 116KB
MD5: ffdcb4f37374c7b4b26cacf838b26c56
SHA1: 9cb22f9b94610797bd4a1f319e2e77e7a9507879
SHA256: 7cf8392bef146ce128f871541f92dbd23686c417ce5c061e4b7e5678f152a382
SHA512: e745d48993a34784b39271f9c667fb3d5115eb9b1c58d9c5f2925b8b515426c328d3516db786970ba60a99f17b5256b2b33dbc8751437255c959f988c634cc72
SSDEEP: 3072:B3hgX7OnRvrcmJ9N95QayyWXuMMr/5WIG0uJbxrTkrbw:3gX7OnRwmJ9HZy+MMr/4Gsb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ffdcb4f37374c7b4b26cacf838b26c56_JaffaCakes118
Files
ffdcb4f37374c7b4b26cacf838b26c56_JaffaCakes118.sys windows:6 windows x64 arch:x64
b551e07380b53937c8b558a1c4170b2c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
ExFreePoolWithTag
KeAcquireSpinLockRaiseToDpc
RtlCopyUnicodeString
IofCompleteRequest
KeInitializeEvent
RtlUnicodeStringToAnsiString
sprintf
IoFreeIrp
ExAllocatePoolWithTag
RtlFreeAnsiString
KeReleaseSpinLockFromDpcLevel
IoAcquireRemoveLockEx
KeClearEvent
PsCreateSystemThread
IofCallDriver
PsTerminateSystemThread
IoSetDeviceInterfaceState
ZwClose
ObReferenceObjectByHandle
KeSetPriorityThread
KeWaitForSingleObject
ExGetPreviousMode
RtlWriteRegistryValue
IoGetAttachedDeviceReference
IoReleaseRemoveLockEx
ObfDereferenceObject
KeWaitForMultipleObjects
KeAcquireSpinLockAtDpcLevel
IoAttachDeviceToDeviceStack
IoAllocateIrp
RtlCompareMemory
IoReuseIrp
IoOpenDeviceRegistryKey
IoRegisterDeviceInterface
IoCreateDevice
IoGetDeviceProperty
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
ZwSetValueKey
IoDetachDevice
PoSetPowerState
IoCreateUnprotectedSymbolicLink
IoCancelIrp
isprint
ZwQueryValueKey
RtlInitAnsiString
KeInitializeDpc
KeInitializeTimer
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
IoReleaseRemoveLockAndWaitEx
IoInitializeRemoveLockEx
IoAcquireCancelSpinLock
RtlAnsiStringToUnicodeString
strstr
RtlIntegerToUnicodeString
KeCancelTimer
MmMapLockedPagesSpecifyCache
KeSetTimer
KeReadStateTimer
KeQueryPriorityThread
IoBuildDeviceIoControlRequest
PoStartNextPowerIrp
PoCallDriver
IoIsWdmVersionAvailable
IoQueueWorkItem
IoWMIRegistrationControl
KeReadStateEvent
IoFreeWorkItem
PoRequestPowerIrp
IoAllocateWorkItem
KeBugCheckEx
IoDeleteSymbolicLink
DbgPrint
RtlDeleteRegistryValue
IoReleaseCancelSpinLock
ZwOpenKey
KeReleaseSpinLock
usbd.sys
USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx
wmilib.sys
WmiCompleteRequest
WmiSystemControl
Sections
.text Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 256B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ