u:\ahnlab\system\common\public\monster_v2.5\trunk\src\amontdxx\i386\AMonTDLH.pdb
General
-
Target
0052a7088c027abdea7a5c5551f8911e_JaffaCakes118
-
Size
85KB
-
MD5
0052a7088c027abdea7a5c5551f8911e
-
SHA1
797559074462247694c6b991321ea637c819499f
-
SHA256
484d204ffac8cfb8bcec2f2aa0338b2d05c7bea3d42fe70cbca0141b5bd332da
-
SHA512
567fc7018ca10d39db50f35a658ef75a872857f4dfcdc326439001dd67421613675e8618684525fbdae0dd5cbcfbaba957dd5461f12490adb14af482e007df30
-
SSDEEP
1536:psrjlPkeLU6/XfKzxpSMnDoTRmwuFTkgTf47Qe5i49mXhrQaCGDsg:pslsc1WxPf2v5f9mxrh4g
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0052a7088c027abdea7a5c5551f8911e_JaffaCakes118
Files
-
0052a7088c027abdea7a5c5551f8911e_JaffaCakes118.sys windows:6 windows x86 arch:x86
688b48361889e6dad17c11e1fd742ae5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoAttachDeviceToDeviceStack
IoDetachDevice
ObfDereferenceObject
IoGetDeviceObjectPointer
ExFreePoolWithTag
_wcsicmp
ExAllocatePool
PsGetVersion
RtlAnsiStringToUnicodeString
IoAllocateIrp
IoGetRelatedDeviceObject
IoFreeIrp
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmUnlockPages
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
KeDelayExecutionThread
ObReferenceObjectByName
IoDriverObjectType
ExInterlockedPushEntrySList
wcsrchr
_wcsupr
IoBuildDeviceIoControlRequest
KeInitializeSemaphore
MmBuildMdlForNonPagedPool
PsGetCurrentProcessId
ObReferenceObjectByHandle
KeSetEvent
ZwClose
ExAllocatePoolWithTag
DbgPrint
sprintf
ZwCreateFile
KeTickCount
KeBugCheckEx
RtlUnwind
ExInterlockedPopEntrySList
wcsstr
qsort
memcpy
MmMapLockedPages
ExDeleteNPagedLookasideList
memset
KeInitializeSpinLock
ExInitializeNPagedLookasideList
MmQuerySystemSize
MmIsThisAnNtAsSystem
IoCreateDevice
IoCreateSymbolicLink
IofCompleteRequest
RtlInitUnicodeString
IoDeleteSymbolicLink
wcsncpy
IoDeleteDevice
ExFreePool
wcscat
wcscpy
wcslen
ZwOpenKey
ZwSetValueKey
ZwQueryValueKey
ZwDeleteValueKey
ZwLoadDriver
ZwQueryInformationProcess
_except_handler3
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
wcsncat
ZwQueryDirectoryFile
wcschr
ExQueueWorkItem
KeReleaseSemaphore
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
KeQuerySystemTime
_allmul
KeInitializeTimer
KeInitializeDpc
KeSetTimer
ZwSetInformationFile
IoSetThreadHardErrorMode
ZwReadFile
ZwQueryInformationFile
hal
KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock
ndis.sys
NdisWaitEvent
NdisCancelTimer
NdisSetTimer
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisInitializeEvent
NdisInitializeTimer
NdisSetEvent
tdi.sys
TdiMapUserRequest
Exports
IAnfdTDAttachFilter
IAnfdTDCompleteRequest
IAnfdTDDeregisterFilter
IAnfdTDDettachFilter
IAnfdTDDisconnectRequestByNirp
IAnfdTDEnumSessionEx
IAnfdTDFlowControl
IAnfdTDGetBuffer
IAnfdTDGetBufferEx
IAnfdTDGetBufferLength
IAnfdTDGetConnectionMode
IAnfdTDGetDesktopID
IAnfdTDGetExtensionValue
IAnfdTDGetExtensionValueEx
IAnfdTDGetLocalIP
IAnfdTDGetLocalPort
IAnfdTDGetProcessID
IAnfdTDGetProcessName
IAnfdTDGetProtocolType
IAnfdTDGetRemoteIP
IAnfdTDGetRemotePort
IAnfdTDGetSessionState
IAnfdTDMarkPending
IAnfdTDQueryProtocolName
IAnfdTDRegisterFilter
IAnfdTDRegisterFilterEx
IAnfdTDScanAllSession
IAnfdTDSetBufferEx
IAnfdTDSetDisconnectFlag
IAnfdTDSetExtensionValue
IAnfdTDSetExtensionValueEx
IAnfdTDSetRemoteIpPort
IAnfdTDSystemInformation
IAnfdTDSystemInformationEx
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ