e:\0soft_v03\loader\rootkit\v1.0\driver\objfre_wxp_x86\i386\drive4.pdb
Static task
static1
General
Target: 374553a8d6962f2118e06e497f32c227_JaffaCakes118
Size: 29KB
MD5: 374553a8d6962f2118e06e497f32c227
SHA1: dc24d94928e1e18d731fe70677f00240f78c79cf
SHA256: 431c172a61679a5dc6ec4f7860a77d7651c7ef896ca8f7ddf53c2f5198f48769
SHA512: 5ea44e6a727bdafdb59f2c8f196a40aaa682ae640294fa8444c337a139c5ccb5f7453370277336d6fbdc5eac9808faf67b7c4bf6c6a608a9be35bcd309779454
SSDEEP: 768:OHSoVx/v7s+XgpzEmtXQJyE83PaLMqglF5vZ:OZVx7vXgKmadaa
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 374553a8d6962f2118e06e497f32c227_JaffaCakes118
Files
374553a8d6962f2118e06e497f32c227_JaffaCakes118.sys windows:6 windows x86 arch:x86
6276bdf625a7a4ec284978f65bc245d4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 460B - Virtual size: 460B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 878B - Virtual size: 878B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ