msfsio.pdb
Static task
static1
General
-
Target
8ae8450bd18d2595474df206444ae589_JaffaCakes118
-
Size
5KB
-
MD5
8ae8450bd18d2595474df206444ae589
-
SHA1
5e34d5bc2caf0bfa80898655ac7524361878edbf
-
SHA256
471f08037df1e3bb88045dcab54826549b1cb69c95b3d3d40ea71fe227ce414d
-
SHA512
6f697f635c2f5ba47820fb0a9634cef800aeb1d79ae02854ac29b385e0cda0d0854ec1e4ba8c091e7bd234319f278d98bc376b80e51881f98fcce50bdddafbd2
-
SSDEEP
96:u8PumgsA1kPqlORC6Tawaiw1F7uD5URWRXRWwQT:pu/rsalDWBRWL
Malware Config
Signatures
-
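Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. As a static check, this sees only a signature embedded in the file itself; a catalog-signed file carries no embedded signature either, so this result alone does not show that the file is untrusted.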
resource 8ae8450bd18d2595474df206444ae589_JaffaCakes118
Files
-
8ae8450bd18d2595474df206444ae589_JaffaCakes118.sys windows:5 windows x86 arch:x86
4fee02b30dfcf721dcb97505c901a629
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExFreePool
ExAllocatePoolWithTag
ZwClose
ObReferenceObjectByHandle
IoFileObjectType
ExGetPreviousMode
IoCreateFile
RtlInitUnicodeString
ObfDereferenceObject
ks.sys
KsInitializeDriver
KsAcquireControl
KsReleaseControl
KsWriteFile
KsReadFile
KsPinGetParentFilter
KsGetPinFromIrp
KsQueryInformationFile
KsHandleSizedListQuery
Sections
.text Size: 128B - Virtual size: 55B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 143B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 640B - Virtual size: 550B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 384B - Virtual size: 258B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ