tcpip.pdb
Static task
static1
General
Target: 119eccdb3b0fd7e45eee005a4cd35572_JaffaCakes118
Size: 310KB
MD5: 119eccdb3b0fd7e45eee005a4cd35572
SHA1: 7bf53baa7cd47db93e712458a715f6439904a34d
SHA256: cbcdbdecf9dba236852d289aa729aadfbe39fdf7b13c8f3f9a0663c99b05e22b
SHA512: 23d82f475a625c1e86d5d25147a6d0cd443283423a24f9f4a2aa0d41d494e49b44f3ca4e63d056e3c37a6f5d1025e0333ac2fa336ce209a22b47092a10049b7f
SSDEEP: 6144:J5PggNtVqfPwSJCIU3cFh7S8wKssM9oSkFUMpVdZwhWlEZr:3Pg+t0fPxJ0248xYMTu
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 119eccdb3b0fd7e45eee005a4cd35572_JaffaCakes118
Files
119eccdb3b0fd7e45eee005a4cd35572_JaffaCakes118.sys windows:5 windows x86 arch:x86
ec4e87fcbe11d4b89c01736ab01bff3c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
RtlExtendedMagicDivide
ExLocalTimeToSystemTime
RtlTimeToTimeFields
RtlIpv4StringToAddressW
RtlUnicodeStringToInteger
ZwEnumerateValueKey
KeReadStateEvent
KeReleaseMutex
MmIsThisAnNtAsSystem
KeInitializeMutex
_wcsicmp
wcscpy
wcsncpy
wcschr
IoRaiseInformationalHardError
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
InterlockedPopEntrySList
InterlockedPushEntrySList
ZwQueryValueKey
ZwSetValueKey
ExIsProcessorFeaturePresent
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
RtlMapGenericMask
IoGetFileObjectGenericMapping
ObReleaseObjectSecurity
SeSetSecurityDescriptorInfo
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ObGetObjectSecurity
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ObfDereferenceObject
RtlAddAce
RtlGetAce
RtlAppendUnicodeToString
RtlInitializeSid
RtlLengthRequiredSid
ObSetSecurityObjectByPointer
RtlSelfRelativeToAbsoluteSD
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlVerifyVersionInfo
VerSetConditionMask
IoWMIRegistrationControl
KeInitializeTimerEx
RtlExtendedIntegerMultiply
DbgBreakPoint
KeQueryInterruptTime
KeSetTargetProcessorDpc
RtlSetBit
SeUnlockSubjectContext
SeAccessCheck
SeLockSubjectContext
ObDereferenceSecurityDescriptor
PsGetCurrentProcessId
ExNotifyCallback
ExCreateCallback
_aulldiv
ObReferenceObjectByHandle
MmUnlockPages
SeFreePrivileges
SeAppendPrivileges
ObLogSecurityDescriptor
SeAssignSecurity
IoFileObjectType
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
ProbeForWrite
ObfReferenceObject
DbgPrint
RtlPrefetchMemoryNonTemporal
MmLockPagableSectionByHandle
MmLockPagableDataSection
ExInitializeNPagedLookasideList
KeInitializeDpc
KeInitializeTimer
KeSetTimerEx
ZwClose
IoCreateDevice
IoDeleteDevice
ZwOpenKey
KeDelayExecutionThread
KeWaitForSingleObject
ExDeleteNPagedLookasideList
MmUnlockPagableImageSection
RtlInitUnicodeString
IoCreateSymbolicLink
IoDeleteSymbolicLink
KeSetEvent
KeQueryTimeIncrement
KeEnterCriticalRegion
KeLeaveCriticalRegion
ZwSetInformationThread
KeQuerySystemTime
_allmul
_alldiv
MmQuerySystemSize
ExfInterlockedInsertTailList
RtlCompareUnicodeString
RtlInitializeBitMap
RtlClearAllBits
RtlSetBits
wcslen
RtlCompareMemory
RtlAreBitsSet
RtlClearBits
RtlFindClearBitsAndSet
RtlFindClearRuns
KeCancelTimer
KeClearEvent
memmove
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
ZwLoadDriver
KeResetEvent
MmMapLockedPages
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
IofCompleteRequest
KeInitializeEvent
ExfInterlockedAddUlong
ExAllocatePoolWithTag
MmMapLockedPagesSpecifyCache
IoFreeMdl
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeNumberProcessors
ExFreePoolWithTag
ExAllocatePoolWithTagPriority
KeBugCheckEx
RtlSubAuthoritySid
KeTickCount
MmBuildMdlForNonPagedPool
ZwDeviceIoControlFile
ZwCreateFile
hal
KfLowerIrql
KfRaiseIrql
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KeQueryPerformanceCounter
ExAcquireFastMutex
ExReleaseFastMutex
ndis.sys
NdisUnchainBufferAtFront
NdisAllocateBuffer
NdisFreePacket
NdisAllocatePacket
NdisSetPacketPoolProtocolId
NdisAllocatePacketPoolEx
NdisReturnPackets
NdisCompleteBindAdapter
NdisReEnumerateProtocolBindings
NdisFreeBufferPool
NdisFreePacketPool
NdisAllocateBufferPool
NdisCompletePnPEvent
NdisCloseAdapter
NdisCancelSendPackets
NdisRequest
NdisFreeMemory
NdisQueryAdapterInstanceName
NdisCopyBuffer
NdisRegisterProtocol
NdisGetReceivedPacket
NdisOpenAdapter
NdisGetDriverHandle
tdi.sys
CTESignal
CTESystemUpTime
CTEScheduleDelayedEvent
CTEInitEvent
CTEStartTimer
CTEInitTimer
CTEBlock
TdiProviderReady
CTEInitialize
TdiDeregisterNetAddress
TdiRegisterNetAddress
TdiDeregisterDeviceObject
CTEBlockWithTracker
CTELogEvent
TdiRegisterDeviceObject
TdiCopyMdlChainToMdlChain
TdiDeregisterProvider
TdiRegisterProvider
TdiPnPPowerRequest
TdiInitialize
TdiDeregisterPnPHandlers
TdiRegisterPnPHandlers
CTEScheduleEvent
TdiCopyBufferToMdl
CTERemoveBlockTracker
CTEInsertBlockTracker
TdiMapUserRequest
TdiCopyBufferToMdlWithReservedMappingAtDpcLevel
Exports
FreeIprBuff
GetIFAndLink
IPAddInterface
IPAllocBuff
IPDelInterface
IPDelayedNdisReEnumerateBindings
IPDeregisterARP
IPDisableSniffer
IPEnableSniffer
IPFreeBuff
IPGetAddrType
IPGetBestInterface
IPGetInfo
IPInjectPkt
IPProxyNdisRequest
IPRegisterARP
IPRegisterProtocol
IPSetIPSecStatus
IPTransmit
LookupRoute
LookupRouteInformation
LookupRouteInformationWithBuffer
SendICMPErr
SetIPSecPtr
UnSetIPSecPtr
UnSetIPSecSendPtr
tcpxsum
Sections
.text Size: 239KB - Virtual size: 239KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEIPMc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 1024B - Virtual size: 747B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ