c:\programs\remover2\restore\objfre_w2k_x86\i386\restore.pdb
Static task
static1
General
-
Target
24477582f7b63c682b398acce018cc21_JaffaCakes118
-
Size
8KB
-
MD5
24477582f7b63c682b398acce018cc21
-
SHA1
b15b54980da8ea3fb855d7b2cf383390ca31e668
-
SHA256
4e580aa9975ad89738babe38ad0b065c18a33aeb429298380972f308560071cc
-
SHA512
be646036119cb69f7ff563abeb5f2a3a3ef4fa9b8224609eb2c1056df1ab8a505b74347e0775814eb1c6d150d2366d3a452edaaf18343ff18252c6a455987621
-
SSDEEP
192:2G/t3pGb5rtNKnEy6ozmUJm4b3hEwGvdqHS3p0/Xr:55pwvNyXXmU74vdqH5b
Malware Config
Signatures
-
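Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The flagged file is a 32-bit kernel-mode driver (.sys, x86); kernel-mode signing enforcement has historically applied to 64-bit Windows, so on older 32-bit systems a missing signature does not by itself prevent the driver from loading.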
resource 24477582f7b63c682b398acce018cc21_JaffaCakes118
Files
-
24477582f7b63c682b398acce018cc21_JaffaCakes118.sys windows:6 windows x86 arch:x86
0ba2cb7498834953f81bd2453ce71718
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the extracted path appears as the first line of this report)
Imports
ntoskrnl.exe
ExFreePoolWithTag
RtlAnsiStringToUnicodeString
RtlInitString
ExAllocatePool
ZwQuerySystemInformation
memset
memcpy
ZwClose
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
NtBuildNumber
KeServiceDescriptorTable
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
KeTickCount
KeBugCheckEx
RtlUnwind
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 256B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 586B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ