Static task
static1
General
Target: 3482b67345b7c51ae4d67cac406f024b_JaffaCakes118
Size: 1KB
MD5: 3482b67345b7c51ae4d67cac406f024b
SHA1: 955b6bb65d94d8333d49364ce525c66b3a4bbf5d
SHA256: d4aa80f3184bc2bfc17272e21a14eb6f357884455f5869f33b81931141497893
SHA512: 7f5a6e5405fa7f984b54f52bdd578c94df19bcf42847f7588c66a7e3a59748e00fad54ae1b864cff9427adb540dbdac74b0376dd7c2f5261c30a949682895822
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3482b67345b7c51ae4d67cac406f024b_JaffaCakes118
Files
3482b67345b7c51ae4d67cac406f024b_JaffaCakes118.sys windows:5 windows x86 arch:x86
a94f8faa78b398502ce6c362bc6011e0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\bj\KillProcess\objfre\i386\Driver.pdb
Imports
ntoskrnl.exe
ZwClose
ZwTerminateProcess
ZwOpenProcess
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
Sections
.rdata Size: 128B - Virtual size: 125B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 128B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 490B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ