mountmgr.pdb
Static task
static1

General
Target: 173f4dcc4ad1331bae968b9a8e0cf3d7_JaffaCakes118
Size: 76KB
MD5: 173f4dcc4ad1331bae968b9a8e0cf3d7
SHA1: 0da17a5d987aa1a69a3a7475a24e593132d402c7
SHA256: daab8b10454c3ef042d92175b0691bcbd6e7045128e60c9e0d5575434ee20883
SHA512: 647561884e835008c91e230af4423b5386407d3c1154c2ccbe6e5152decf300fcbd5cd24b3230a96e02c98d6672609c2118734262105fdbc9c6017edc92d0a53
SSDEEP: 1536:YNDWZYESLf9Wb/BSQp+zN8U5IID0Q2famtnvj5h1i:YRansFWdp+Jt5IHL1i
Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 173f4dcc4ad1331bae968b9a8e0cf3d7_JaffaCakes118

Files
173f4dcc4ad1331bae968b9a8e0cf3d7_JaffaCakes118.sys windows:6 windows x86 arch:x86
26c34330a2a276ec68112753bce22e7c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExFreePoolWithTag
IoWMIWriteEvent
ExAllocatePoolWithTag
memcpy
memset
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlCompareMemory
IoWMIRegistrationControl
IofCompleteRequest
IofCallDriver
RtlPrefixUnicodeString
RtlEqualUnicodeString
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
ExUuidCreate
RtlStringFromGUID
RtlWriteRegistryValue
KeSetEvent
IoFreeWorkItem
ZwClose
ZwSetInformationFile
ZwWriteFile
ZwReadFile
IoSetThreadHardErrorMode
ZwCreateFile
RtlCreateSystemVolumeInformationFolder
KeWaitForSingleObject
IoQueueWorkItem
IoAllocateWorkItem
KeInitializeEvent
KeReleaseMutex
ZwQueryInformationFile
KeReleaseSemaphore
RtlQueryRegistryValues
ZwFsControlFile
ZwOpenFile
RtlDeleteRegistryValue
_vsnwprintf
ObfDereferenceObject
IoBuildDeviceIoControlRequest
IoGetAttachedDeviceReference
IoGetDeviceObjectPointer
RtlCompareUnicodeString
FsRtlGetVirtualDiskNestingLevel
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
IoGetDeviceAttachmentBaseRef
ZwOpenKey
RtlUpcaseUnicodeChar
ZwWaitForSingleObject
ZwOpenEvent
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoCreateSymbolicLink
IoDeleteSymbolicLink
ObIsDosDeviceLocallyMapped
IoUnregisterPlugPlayNotification
IoDeleteDevice
IoUnregisterShutdownNotification
ExQueueWorkItem
ZwQueryDirectoryFile
memmove
ObQueryNameString
IoFileObjectType
ZwQueryVolumeInformationFile
IoRegisterPlugPlayNotification
PsSetThreadHardErrorsAreDisabled
PsGetThreadHardErrorsAreDisabled
IoRegisterDriverReinitialization
IoRegisterShutdownNotification
KeInitializeSemaphore
KeInitializeMutex
IoCreateDevice
RtlCreateRegistryKey
KeTickCount
KeBugCheckEx
ObReferenceObjectByHandle
IoReportTargetDeviceChangeAsynchronous
KeGetCurrentThread
EtwWrite
EtwUnregister
EtwEventEnabled
EtwProviderEnabled
EtwRegister
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ