tcpip.pdb
Static task
static1
General
Target: 10e6b7d2fc5166da7fdcb3dfa3a40fcf_JaffaCakes118
Size: 351KB
MD5: 10e6b7d2fc5166da7fdcb3dfa3a40fcf
SHA1: 1f7731d414c75e31b03346513322225b81600cdb
SHA256: 1cc04baba7398385fa7495a7ff2b2c43a398d7a2a2792eb1f1a114a4007e64d8
SHA512: 161ef92fdeaa397cbd9da8373e79de652b55c4918c1da9d530a9a219c363958c5992d77a7c044de5847c75f920d4539779706d1a064eb6f65b6bbd524e6c3c5d
SSDEEP: 6144:HcamciT9y1vHgbQrQZi4TQqSLgh6Ss8tkahEA8t/W/9geyvR:Hcamcp1vHgW48qEezdhE0/9
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 10e6b7d2fc5166da7fdcb3dfa3a40fcf_JaffaCakes118
Files
10e6b7d2fc5166da7fdcb3dfa3a40fcf_JaffaCakes118.sys windows:5 windows x86 arch:x86
2a1a50fab3aba9e4e633e452733c029a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
hal
KfLowerIrql
KeRaiseIrqlToDpcLevel
KfReleaseSpinLock
KfAcquireSpinLock
KfRaiseIrql
KeGetCurrentIrql
KeQueryPerformanceCounter
ExAcquireFastMutex
ExReleaseFastMutex
ndis.sys
NdisCloseAdapter
NdisCancelSendPackets
NdisFreePacket
NdisUnchainBufferAtFront
NdisCompletePnPEvent
NdisFreePacketPool
NdisRequest
NdisAllocatePacket
NdisFreeMemory
NdisQueryAdapterInstanceName
NdisGetDriverHandle
NdisOpenAdapter
NdisAllocatePacketPoolEx
NdisGetReceivedPacket
NdisRegisterProtocol
NdisAllocateBuffer
NdisSetPacketPoolProtocolId
NdisReturnPackets
NdisCopyBuffer
NdisAllocateBufferPool
NdisFreeBufferPool
NdisReEnumerateProtocolBindings
NdisCompleteBindAdapter
ntoskrnl.exe
IoCreateDevice
_wcsicmp
wcscpy
wcsncpy
wcschr
ZwSetInformationThread
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeQueryTimeIncrement
KeSetEvent
IoDeleteSymbolicLink
ExDeleteNPagedLookasideList
KeDelayExecutionThread
ZwOpenKey
KeSetTimerEx
KeInitializeTimer
KeInitializeDpc
ExInitializeNPagedLookasideList
MmLockPagableSectionByHandle
ZwQueryValueKey
ZwSetValueKey
InterlockedPopEntrySList
InterlockedPushEntrySList
ExIsProcessorFeaturePresent
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
RtlMapGenericMask
IoGetFileObjectGenericMapping
ObReleaseObjectSecurity
SeSetSecurityDescriptorInfo
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ObGetObjectSecurity
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlAddAce
RtlGetAce
IoCreateSymbolicLink
RtlInitializeSid
RtlLengthRequiredSid
ObSetSecurityObjectByPointer
RtlSelfRelativeToAbsoluteSD
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlVerifyVersionInfo
VerSetConditionMask
IoWMIRegistrationControl
IoGetCurrentProcess
KeInitializeTimerEx
RtlExtendedIntegerMultiply
KeQueryInterruptTime
_aulldiv
DbgBreakPoint
KeSetTargetProcessorDpc
RtlSetBit
SeUnlockSubjectContext
SeAccessCheck
SeLockSubjectContext
ObDereferenceSecurityDescriptor
PsGetCurrentProcessId
RtlWalkFrameChain
_aulldvrm
ExNotifyCallback
ExCreateCallback
ObReferenceObjectByHandle
MmUnlockPages
SeFreePrivileges
SeAppendPrivileges
ObLogSecurityDescriptor
SeAssignSecurity
IoFileObjectType
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
ProbeForWrite
ObfReferenceObject
PsGetCurrentProcess
RtlPrefetchMemoryNonTemporal
KeInitializeMutex
MmIsThisAnNtAsSystem
KeWaitForSingleObject
KeReleaseMutex
KeReadStateEvent
IoDeleteDevice
ZwEnumerateValueKey
RtlUnicodeStringToInteger
RtlIpv4StringToAddressW
RtlTimeToTimeFields
ExLocalTimeToSystemTime
RtlExtendedMagicDivide
RtlAppendUnicodeToString
ZwClose
_allmul
MmQuerySystemSize
RtlCompareUnicodeString
RtlInitializeBitMap
RtlClearAllBits
RtlSetBits
wcslen
RtlAreBitsSet
RtlClearBits
RtlFindClearBitsAndSet
RtlFindClearRuns
DbgPrint
memmove
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
ZwLoadDriver
KeResetEvent
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
IofCompleteRequest
ExfInterlockedAddUlong
MmMapLockedPagesSpecifyCache
IoFreeMdl
ExfInterlockedInsertTailList
RtlInitUnicodeString
MmMapLockedPages
KeNumberProcessors
RtlUnicodeStringToAnsiString
MmLockPagableDataSection
MmUnlockPagableImageSection
RtlCompareMemory
ExAllocatePoolWithTag
KeCancelTimer
KeClearEvent
RtlAnsiStringToUnicodeString
IoRaiseInformationalHardError
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePoolWithTagPriority
KeInitializeSpinLock
_alldiv
KeQuerySystemTime
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeBugCheckEx
RtlSubAuthoritySid
KeTickCount
MmBuildMdlForNonPagedPool
ZwDeviceIoControlFile
ZwCreateFile
tdi.sys
CTESystemUpTime
CTEBlock
CTELogEvent
CTESignal
CTEBlockWithTracker
CTEStartTimer
CTEInitEvent
CTEScheduleDelayedEvent
CTEInitTimer
TdiProviderReady
CTEInitialize
TdiDeregisterNetAddress
TdiRegisterNetAddress
TdiDeregisterDeviceObject
TdiRegisterDeviceObject
TdiDeregisterProvider
TdiRegisterProvider
TdiPnPPowerRequest
TdiCopyMdlChainToMdlChain
TdiInitialize
TdiDeregisterPnPHandlers
TdiRegisterPnPHandlers
CTEScheduleEvent
TdiCopyBufferToMdl
CTERemoveBlockTracker
CTEInsertBlockTracker
TdiMapUserRequest
TdiCopyBufferToMdlWithReservedMappingAtDpcLevel
Exports
ARPRcv
ARPRcvPacket
FreeIprBuff
GetIFAndLink
IPAddInterface
IPAllocBuff
IPDelInterface
IPDelayedNdisReEnumerateBindings
IPDeregisterARP
IPDisableSniffer
IPEnableSniffer
IPFreeBuff
IPGetAddrType
IPGetBestInterface
IPGetInfo
IPInjectPkt
IPProxyNdisRequest
IPRcvComplete
IPRcvPacket
IPRegisterARP
IPRegisterProtocol
IPSetIPSecStatus
IPTransmit
LookupRoute
LookupRouteInformation
LookupRouteInformationWithBuffer
SendICMPErr
SetIPSecPtr
UnSetIPSecPtr
UnSetIPSecSendPtr
tcpxsum
Sections
.text Size: 251KB - Virtual size: 251KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEIPMc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 896B - Virtual size: 833B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ