csrss.pdb
Static task
static1
General
Target: 148594b455706bd38712dd129b3674a1_JaffaCakes118
Size: 1.2MB
MD5: 148594b455706bd38712dd129b3674a1
SHA1: 0e3111b1dddb94182253b1387675aa5bcb69050f
SHA256: 729c225d62e3138e07e860bdd4a32e4d6a19a059672859ea3fea5e277583c723
SHA512: 23a7857c451327b34ee14058b2b593c97ffc48b8a2af9590e0727fae310aae6e51a32c82f7f79689342cbb28937b2abe3bcdcd1279180e42ae9903f370038cf3
SSDEEP: 24576:LP4tP4r7CWlTJissd7pB4qBLi5lKG6+VH35DMw2n/qIjtAT3G:xCWlIssZLi5lKr+l35DMnCIjtAy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 148594b455706bd38712dd129b3674a1_JaffaCakes118
Files
148594b455706bd38712dd129b3674a1_JaffaCakes118.sys windows:10 windows x64 arch:x64
a96fa9912e09e361274ad77f1a4b252c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
NtSetInformationProcess
RtlSetHeapInformation
NtTerminateProcess
RtlSetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlUnicodeStringToAnsiString
NtTerminateThread
RtlCaptureContext
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
isspace
csrsrv
CsrUnhandledExceptionFilter
CsrServerInitialization
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ