PDB path: C:\Data\Hack\Progs\driver\objfre\i386\driver.pdb
Static task
static1
General
Target: 2880c7a60c17e3740b7d57d0847b1575_JaffaCakes118
Size: 41KB
MD5: 2880c7a60c17e3740b7d57d0847b1575
SHA1: 5443dc07ffbc4819bdfef2921b8f0b5bcff93f09
SHA256: 29de969ef0189227557822b035bcc43d3588978accdb6a399aa37a446f8b4637
SHA512: 8bfa7afe9ab046b987bfe27aeb760ba6f91f6ccb52375cf19e4ffab53d31e173e6e50a0897afef0fd6900309af034e1da0a360ad413ef5ae35a3351f0aea436b
SSDEEP: 768:Fk+U0cExwXO1TT0kVmqCSk5/SBqk+nKLn1o5K9ad/xuONlOuK0dZlxjkYTzm55:Fk+xtoxSIsLn1ogg/V0gxwyzM5
Malware Config
Signatures
Unsigned PE: 1 IoC
Checks for missing Authenticode signature.
resource: 2880c7a60c17e3740b7d57d0847b1575_JaffaCakes118
Files
2880c7a60c17e3740b7d57d0847b1575_JaffaCakes118.sys  windows:5  windows x86  arch:x86
ec9d5a138ad9c254244ea6b30167ffd3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ObQueryNameString
RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
IofCompleteRequest
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ZwOpenProcessToken
ZwOpenProcess
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 181B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 540B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 134B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ