volsnap.pdb
Static task
static1
General
Target: 171ffb953fc0cfa82b34931ee91d4d59_JaffaCakes118
Size: 203KB
MD5: 171ffb953fc0cfa82b34931ee91d4d59
SHA1: 4a04150f58d4e969db195edf4850e4c6d998d803
SHA256: 8bba5cc6af9779d46ae7b82ac4bb730f293003e012a549475b9b9776cb4277e9
SHA512: 6f9e26333f1f756ed1c61954ffc2394134d807fdef6ceeb9da188c132a4c72637c2c21878e40e4c034308cf0fe2b162963f7819c4e9fdf34be6688503e49233c
SSDEEP: 3072:TDwhrz3t8yeG85RV9KHPlo05yeRo+dBw7zNBGyeBz0LDLba:TDwhrrtOGSV0HC00s6JAyeB6La
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 171ffb953fc0cfa82b34931ee91d4d59_JaffaCakes118
Files
171ffb953fc0cfa82b34931ee91d4d59_JaffaCakes118.sys windows:6 windows x86 arch:x86
3f96b9f547dc28511bd50be35e292f93
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
volsnap.pdb
Imports
ntoskrnl.exe
PsGetCurrentThread
KeWaitForSingleObject
KeReleaseSemaphore
MmBuildMdlForNonPagedPool
IoSetIoPriorityHint
ExFreePoolWithTag
IoFreeMdl
IoAllocateIrp
IoAllocateMdl
ExAllocatePoolWithTag
IoFreeIrp
RtlCompareMemory
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
RtlQueryRegistryValues
memset
ZwCreateKey
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableFullAvl
RtlLookupElementGenericTableFullAvl
RtlStringFromGUID
memcpy
ObfDereferenceObject
ExQueueWorkItem
IofCompleteRequest
IoCallDriverStackSafe
_allshr
KeSetEvent
ZwQueryVolumeInformationFile
ZwFsControlFile
_allmul
_alldiv
ZwQueryInformationFile
ZwSetInformationFile
IoDeleteSymbolicLink
IoGetIoPriorityHint
MmMapLockedPagesSpecifyCache
IoFileObjectType
RtlGetAce
RtlEqualSid
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
ZwQuerySecurityObject
KeQueryTimeIncrement
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoReleaseCancelSpinLock
KeResetEvent
IoAcquireCancelSpinLock
RtlAppendUnicodeStringToString
RtlCreateSystemVolumeInformationFolder
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
RtlCreateSecurityDescriptor
ZwOpenFile
ZwReadFile
KeReleaseMutex
RtlEnumerateGenericTableAvl
RtlFindNextForwardRunClear
RtlInitializeBitMap
SeReleaseSubjectContext
SeUnlockSubjectContext
SeAccessCheck
IoGetFileObjectGenericMapping
SeLockSubjectContext
SeCaptureSubjectContext
MmLockPagableDataSection
MmUnlockPages
ZwUnmapViewOfSection
RtlEqualUnicodeString
RtlClearBits
IoBuildPartialMdl
ObfReferenceObject
KeTickCount
IoGetDeviceObjectPointer
ZwSetValueKey
PsGetThreadProcessId
ObReferenceObjectByHandle
EtwWrite
EtwEventEnabled
PsGetThreadId
KeCancelTimer
KeSetTimer
ExReInitializeRundownProtectionCacheAware
ExWaitForRundownProtectionReleaseCacheAware
ExReleaseRundownProtectionCacheAware
PoCallDriver
PoStartNextPowerIrp
ExAcquireRundownProtectionCacheAware
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
memmove
IoVolumeDeviceToDosName
ZwWaitForSingleObject
ZwOpenEvent
IoStopTimer
ExAllocatePoolWithTagPriority
KeReadStateEvent
IoGetAttachedDeviceReference
ZwCreateFile
IoBuildSynchronousFsdRequest
IoInvalidateDeviceRelations
FsRtlIsTotalDeviceFailure
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
ZwSetInformationThread
PsCreateSystemThread
IoDetachDevice
IoInitializeTimer
ExUuidCreate
KeInitializeDpc
KeInitializeTimer
ExInitializeRundownProtectionCacheAware
KeInitializeSemaphore
IoAttachDeviceToDeviceStack
IoDeleteDevice
IoGetDriverObjectExtension
IoCreateDevice
ExSizeOfRundownProtectionCacheAware
IoStartTimer
RtlSetBits
_allrem
ZwMapViewOfSection
ZwCreateSection
KeLeaveCriticalRegion
KeEnterCriticalRegion
MmProbeAndLockPages
RtlGUIDFromString
ZwQueryDirectoryFile
IoForwardIrpSynchronously
ObReleaseObjectSecurity
ObSetSecurityObjectByPointer
ObGetObjectSecurity
RtlInitializeGenericTableAvl
IoCreateSymbolicLink
ZwDuplicateObject
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoGetDeviceProperty
IoUnregisterPlugPlayNotification
IoRegisterPlugPlayNotification
PsSetThreadHardErrorsAreDisabled
PsGetThreadHardErrorsAreDisabled
PoRegisterPowerSettingCallback
EtwRegister
KeInitializeMutex
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
IoRegisterBootDriverReinitialization
IoRegisterDriverReinitialization
IoAllocateDriverObjectExtension
RtlClearBit
RtlSetBit
RtlNumberOfSetBits
RtlAreBitsClear
RtlAreBitsSet
KeBugCheckEx
RtlUnwind
InterlockedPushEntrySList
KeQuerySystemTime
InterlockedPopEntrySList
_aulldvrm
RtlAnsiCharToUnicodeChar
DbgPrint
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
.text: Size 25KB, Virtual size 24KB; Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 6KB, Virtual size 5KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 512B, Virtual size 52B; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PAGELK: Size 132KB, Virtual size 132KB; Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
INIT: Size 7KB, Virtual size 6KB; Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 18KB, Virtual size 17KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.reloc: Size 6KB, Virtual size 5KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ