c:\driver\builddriver_beta_new6\tempcode\objfre_wlh_amd64\amd64\RTKVHD64.pdb
Static task
static1
General
Target: 42b4b2398911bf49e00280090d351305_JaffaCakes118
Size: 6.7MB
MD5: 42b4b2398911bf49e00280090d351305
SHA1: 5a64d5eea73460526179fb6100162d5e296ff9b0
SHA256: b424051276a70486d4cce1dec43a304bfa14148fb308499dbabaf3ef9104565f
SHA512: 3538d5e564e70f89d28a113ab46dd5f248e6500ec1ee43b1afbe42e02cbf87c8556d9214d483212718b10740cbf2550560f559146c83fa10e8f3dfd912b45dca
SSDEEP: 49152:XVDR546awgxs4pESOTXBe4bLqBv9LE4JxJ8j98bz8SqWI60b68WT/b+rSmPxvUPb:XTLTwtqWWxvEkUg7a3Ghnu2u0qyiAc1
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 42b4b2398911bf49e00280090d351305_JaffaCakes118
Files
42b4b2398911bf49e00280090d351305_JaffaCakes118.sys windows:6 windows x64 arch:x64
52cba6acc4882a8e206bf432edba70e0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
IoFreeWorkItem
RtlQueryRegistryValues
IoCancelIrp
ObfReferenceObject
KeWaitForMultipleObjects
IoWriteErrorLogEntry
KeDelayExecutionThread
ObfDereferenceObject
IoFreeMdl
PsTerminateSystemThread
EtwUnregister
PoRequestPowerIrp
ObReferenceObjectByHandle
IoAllocateWorkItem
IofCallDriver
ExAcquireFastMutex
IoAllocateErrorLogEntry
wcsstr
EtwRegister
RtlInitUnicodeString
PsCreateSystemThread
IoInvalidateDeviceRelations
MmMapLockedPagesSpecifyCache
ExCreateCallback
IoGetDeviceObjectPointer
_vsnwprintf
ExUnregisterCallback
KeSetPriorityThread
IoQueueWorkItem
DbgBreakPoint
IoBuildDeviceIoControlRequest
ExSystemTimeToLocalTime
IoFreeIrp
ZwOpenKey
_vsnprintf
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeSetTimerEx
KeFlushQueuedDpcs
KeInitializeTimerEx
KeCancelTimer
KeRemoveQueueDpc
KeInitializeDpc
_purecall
KeBugCheckEx
ZwDeleteValueKey
ZwSetValueKey
IoRegisterDeviceInterface
IoOpenDeviceInterfaceRegistryKey
ZwCreateKey
KeInitializeSemaphore
MmGetSystemRoutineAddress
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlWriteRegistryValue
RtlStringFromGUID
IoAllocateMdl
ExAllocatePool
MmBuildMdlForNonPagedPool
ZwCreateFile
ZwReadFile
IoWMIRegistrationControl
IoWMIWriteEvent
IoSetDeviceInterfaceState
MmUnmapLockedPages
ExEventObjectType
ZwQueryInformationFile
RtlTimeFieldsToTime
RtlDeleteRegistryValue
strstr
RtlCreateRegistryKey
ZwWriteFile
KeClearEvent
DbgPrint
MmMapIoSpace
MmUnmapIoSpace
IoWMIQueryAllData
IoWMIOpenBlock
ZwEnumerateKey
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
RtlCheckRegistryKey
ExFreePoolWithTag
KeReleaseSemaphore
ObReferenceObjectByPointer
IoCreateSynchronizationEvent
IoRegisterPlugPlayNotification
mbstowcs
ZwSetInformationFile
MmProbeAndLockPages
atoi
MmUnlockPages
RtlEqualUnicodeString
RtlUnicodeStringToInteger
RtlIntegerToUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateEvent
KeReadStateEvent
KeReleaseSpinLockFromDpcLevel
KeReleaseGuardedMutex
KeAcquireSpinLockAtDpcLevel
KeInitializeGuardedMutex
KeAcquireGuardedMutex
isspace
KeQueryTimeIncrement
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitString
wcschr
KeInitializeEvent
IoUnregisterPlugPlayNotification
ExReleaseFastMutex
RtlRaiseException
ZwOpenFile
__chkstk
MmIsAddressValid
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
RtlCompareMemory
KeResetEvent
ExRegisterCallback
EtwWrite
ZwClose
IoGetDeviceInterfaces
RtlTimeToTimeFields
IoAllocateIrp
ZwQueryValueKey
KeReleaseMutex
KeSetEvent
KeInitializeMutex
KeWaitForSingleObject
ExAllocatePoolWithTag
IofCompleteRequest
ExFreePool
RtlUnwindEx
hal
KeQueryPerformanceCounter
KeStallExecutionProcessor
portcls.sys
PcAddAdapterDevice
PcRegisterAdapterPowerManagement
PcInitializeAdapterDriver
PcDispatchIrp
PcRegisterSubdevice
PcRegisterPhysicalConnection
PcNewPort
PcNewRegistryKey
PcForwardIrpSynchronous
ksecdd.sys
BCryptEncrypt
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptFinalizeKeyPair
BCryptExportKey
BCryptImportKeyPair
BCryptDestroyKey
BCryptHashData
BCryptGenerateKeyPair
BCryptFinishHash
BCryptGenRandom
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptSetProperty
Sections
.text Size: 1.8MB - Virtual size: 1.8MB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
TEXT Size: 4KB - Virtual size: 3KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
CODE Size: 236KB - Virtual size: 235KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 364KB - Virtual size: 364KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data Size: 506KB - Virtual size: 723KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.pdata Size: 98KB - Virtual size: 98KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
PAGE Size: 3.6MB - Virtual size: 3.6MB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
INIT Size: 5KB - Virtual size: 5KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rsrc Size: 8KB - Virtual size: 7KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 54KB - Virtual size: 54KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)