E:\Hitopdevelop\ThinkSafeV6.0_X\HookDriverEx\Release\HookDrvEx.pdb
Static task
static1
General
Target
170f984907188a00d817767e42c8f29c_JaffaCakes118
Size
6KB
MD5
170f984907188a00d817767e42c8f29c
SHA1
e33fbf37cebe9e93eb301be84dde2a74078ec37e
SHA256
d57ab085673a27d3d79331cef77532eede5570a3379f6a20eeecf7f21f00c26f
SHA512
68eaed4e6148fc7e5b65ae9dcc01a42d9a958085248fb5f045f248b912286cdde41eb49d255bcf679049da8395b3f04e2abb6ea89372a1bcad98cd73c19bd618
SSDEEP
96:GrVlOFNxN1hr0XIF4XC8r0SpUxhmxSA6204Nq:iW3xnR0XICN0ZzmPwCq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 170f984907188a00d817767e42c8f29c_JaffaCakes118
Files
170f984907188a00d817767e42c8f29c_JaffaCakes118.sys windows:5 windows x86 arch:x86
dc91ee45f62da0297f6f65ec5f054a0f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCompleteRequest
ObfDereferenceObject
ZwAllocateVirtualMemory
KeAttachProcess
KeDetachProcess
ObReferenceObjectByHandle
KeServiceDescriptorTable
KeDelayExecutionThread
ZwCreateKey
RtlInitUnicodeString
PsCreateSystemThread
_except_handler3
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
MmFreeNonCachedMemory
memset
MmAllocateNonCachedMemory
ZwSetValueKey
KeInitializeEvent
hal
KfRaiseIrql
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfLowerIrql
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 740B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 350B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ