serial.pdb
Static task
static1
General
-
Target
2f0817b4510d1fc6eb5220a2b3c709a9_JaffaCakes118
-
Size
64KB
-
MD5
2f0817b4510d1fc6eb5220a2b3c709a9
-
SHA1
dd6d8032d8d098303caad655cc6ee4b4fd3ca8c5
-
SHA256
f4b3f5e48bd695b0cf3b59bb9ad52fbfb7af973fdfa6aef2dd1099473e834e6e
-
SHA512
c9ae6ecea3d02205e03aa02aad51ae280d9c99fcf6d1910139c926f7a7324f00de8885c807b3dfa0d8568fe4fa21e7d722c8584d70e55143a17da260abe1d5fc
-
SSDEEP
768:0/NA29vprT5RIvVHBcq1F0hhovzSEAAzMQTBHaje10JyBaUfPOSpgnWTuFfipp:YNA29vZyhcMjb/QCtNfkCOfi/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
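Checks for a missing Authenticode signature. A static check of this kind sees only a signature embedded in the PE file itself; a file signed through a Windows security catalog also shows up as unsigned, so confirm catalog signing status before weighing this indicator.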
resource 2f0817b4510d1fc6eb5220a2b3c709a9_JaffaCakes118
Files
-
2f0817b4510d1fc6eb5220a2b3c709a9_JaffaCakes118.sys windows:5 windows x86 arch:x86
2da71861ca7a4f2be76f7e4a7ea53551
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
hal
WRITE_PORT_BUFFER_UCHAR
KfReleaseSpinLock
HalTranslateBusAddress
HalGetInterruptVector
ExAcquireFastMutex
ExReleaseFastMutex
WRITE_PORT_UCHAR
KdComPortInUse
READ_PORT_UCHAR
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
ntoskrnl.exe
IoCancelIrp
KeInitializeDpc
KeInitializeTimer
ExAllocatePoolWithTag
DbgBreakPoint
KeInitializeSpinLock
memmove
PoSetPowerState
KeWaitForSingleObject
ExAllocatePoolWithQuotaTag
_except_handler3
KeInsertQueueDpc
KeDelayExecutionThread
MmLockPagableSectionByHandle
MmQuerySystemSize
KeQuerySystemTime
KeSetEvent
KeSetTimer
IofCallDriver
PoCallDriver
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeCancelTimer
IoInvalidateDeviceState
IoQueryDeviceDescription
ZwClose
IoDetachDevice
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
wcslen
RtlInitUnicodeString
KeInitializeEvent
IoCreateDevice
RtlIntegerToUnicodeString
IoAttachDeviceToDeviceStack
IoConnectInterrupt
RtlQueryRegistryValues
ZwQueryValueKey
ZwSetValueKey
ZwEnumerateKey
IoReportDetectedDevice
ZwOpenKey
PoRequestPowerIrp
PoStartNextPowerIrp
KeClearEvent
KeTickCount
KeBugCheckEx
IoDeleteDevice
IoGetConfigurationInformation
IoWMIRegistrationControl
IoDisconnectInterrupt
KeRemoveQueueDpc
MmUnmapIoSpace
MmMapIoSpace
MmLockPagableDataSection
ExFreePoolWithTag
MmUnlockPagableImageSection
_allmul
IoAcquireCancelSpinLock
KeSynchronizeExecution
IoReleaseCancelSpinLock
IoOpenDeviceRegistryKey
IofCompleteRequest
wmilib.sys
WmiSystemControl
WmiCompleteRequest
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 484B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 384B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGESRP0 Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESER Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ