e:\eclipse\branch\botnet\1.020\drivers\Bin\i386\kernel.pdb
Static task
static1
General
-
Target
534be7271c9cd08c3f8641889da0f91e_JaffaCakes118
-
Size
39KB
-
MD5
534be7271c9cd08c3f8641889da0f91e
-
SHA1
6eab93375e1e3e9c170b16d1316a0c70e26c0138
-
SHA256
6da2c352c6c5cbf2e98f22ffebe5610f78430bc164f60941d290cb731b294693
-
SHA512
798db4d171f524ac67b56249046d4d803f56da1278465dda98933bd1f271fabc42e2e9cf2bbdc363726546f8bc4b812bcaa737d76d3712ebbdb59688f56d09e5
-
SSDEEP
768:6B5ZsaEvuh8DRBp9e1miumGHSQJXhe/5gVJpYyDxwSS9WCLHH5:6RDEvsHCOksn5
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 534be7271c9cd08c3f8641889da0f91e_JaffaCakes118
Files
-
534be7271c9cd08c3f8641889da0f91e_JaffaCakes118.sys windows:5 windows x86 arch:x86
b5a393f5624f40c78d76140089737a5f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCallDriver
IoRegisterShutdownNotification
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ObfReferenceObject
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoCreateFile
RtlInitUnicodeString
IoAttachDevice
ExAllocatePoolWithTag
ExFreePool
ZwEnumerateKey
_except_handler3
KeServiceDescriptorTable
isspace
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
_purecall
KeSetEvent
ZwClose
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlQueryRegistryValues
PsGetVersion
RtlCopyUnicodeString
ZwCreateKey
ZwQueryValueKey
wcscmp
wcscpy
wcslen
ZwDeleteKey
ZwEnumerateValueKey
ZwDeleteValueKey
ZwOpenKey
wcscat
ZwFlushKey
InterlockedExchange
_stricmp
ZwReadFile
PsTerminateSystemThread
KeSetPriorityThread
PsCreateSystemThread
ObfDereferenceObject
RtlWriteRegistryValue
RtlCreateRegistryKey
swprintf
RtlDeleteRegistryValue
strcmp
ObQueryNameString
ObReferenceObjectByName
IoDriverObjectType
IoFreeIrp
InterlockedIncrement
ObInsertObject
KeGetCurrentThread
IoAllocateIrp
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCreateAccessState
KeInitializeSpinLock
ObCreateObject
IoFileObjectType
KeResetEvent
IoFreeMdl
MmUnlockPages
IoCancelIrp
MmProbeAndLockPages
IoAllocateMdl
KeWaitForMultipleObjects
strlen
_vsnprintf
_aulldiv
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeTickCount
KeBugCheckEx
memcpy
IofCompleteRequest
ZwSetValueKey
memset
strncpy
RtlCompareMemory
KeInitializeMutex
KeReleaseMutex
ZwWriteFile
KeQuerySystemTime
_allmul
strchr
hal
KfRaiseIrql
KeGetCurrentIrql
KfLowerIrql
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 896B - Virtual size: 772B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEDATA Size: 128B - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ