c:\reactor3\client\Release\client.pdb
Static task
static1
General
-
Target
0d82437ea2bd80d8059cf2c098e1db57_JaffaCakes118
-
Size
175KB
-
MD5
0d82437ea2bd80d8059cf2c098e1db57
-
SHA1
bb8c6bc52dca06380bb68dedb700483771585296
-
SHA256
faffacd9c4b559f4cbba5ad5e4840dca29dae92eb79ba7479fca77dd5e4d8526
-
SHA512
bda51625cec3872aa4123f5fd3fd1d16cc9207e1a0cd7d1cc2e30581932817cb16e0c87d5cb699634eac19bfb241f835189080c075327a66411610d4498083a3
-
SSDEEP
3072:cZ4OJHDmlQa9vgKZf3EjULyf80EO6MAS7x3TXZzysS4EHh:cZ4gCF9vgK2Qmf80EO6agHh
Malware Config
Signatures
-
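Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The flagged file is a kernel-mode driver (.sys, importing from ntoskrnl.exe and hal), and no embedded signature vouches for its origin.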
resource 0d82437ea2bd80d8059cf2c098e1db57_JaffaCakes118
Files
-
0d82437ea2bd80d8059cf2c098e1db57_JaffaCakes118.sys windows:5 windows x86 arch:x86
07f408d0147181564b976b5bebdf7948
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\reactor3\client\Release\client.pdb
Imports
ntoskrnl.exe
KeWaitForSingleObject
KeInitializeSpinLock
RtlFreeAnsiString
RtlFreeUnicodeString
IoDeleteDevice
PsCreateSystemThread
sprintf
KeSetEvent
RtlUnicodeStringToAnsiString
ZwClose
IoCreateDevice
strncmp
strstr
KeQuerySystemTime
strncpy
MmIsAddressValid
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
wcsncpy
RtlInitAnsiString
wcsncat
IoFreeMdl
IoDriverObjectType
MmProbeAndLockPages
MmUnlockPages
ObReferenceObjectByName
IoRegisterFsRegistrationChange
IoAllocateMdl
KeDelayExecutionThread
ZwReadFile
ZwCreateFile
ZwQueryInformationFile
ZwWriteFile
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
tolower
ExAllocatePool
RtlAnsiStringToUnicodeString
isupper
ZwQueryDirectoryFile
ZwDeleteFile
ZwOpenFile
ZwQueryValueKey
isdigit
_wcsicmp
RtlCompareUnicodeString
MmMapLockedPages
ZwEnumerateValueKey
KeServiceDescriptorTable
ZwLoadDriver
ZwEnumerateKey
ZwOpenKey
ZwCreateKey
ZwDeleteValueKey
ZwSetValueKey
RtlInitUnicodeString
ZwOpenDirectoryObject
ZwQueryDirectoryObject
RtlTimeToTimeFields
strchr
KeInitializeEvent
PsTerminateSystemThread
KeTickCount
ZwDeleteKey
ZwFlushKey
KeReleaseSemaphore
KeReadStateSemaphore
KeInitializeSemaphore
isspace
toupper
ObReferenceObjectByHandle
IofCompleteRequest
ExFreePool
memcpy
memset
_except_handler3
_allrem
hal
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
Sections
.text Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ