d:\pspkiller\objchk_wxp_x86\i386\PspKiller.pdb
Static task
static1
General
Target: 5f0371f77381c57bfba9b364adc33997_JaffaCakes118
Size: 4KB
MD5: 5f0371f77381c57bfba9b364adc33997
SHA1: c3ccc5708df50c7162c40afafb48d42117cf26ae
SHA256: 24129b59c7053a1df85c2e8a25d0605133e5359a672a1166808733ff5fd9fc3f
SHA512: 79e42f3892d495860eac438c256ff4be64923a80c75cba697c342dc1c5e7909f73dc6f514e59e09be9a0d18daa6fe83c569251ec02184b5e1ea68ed158e1e108
SSDEEP: 48:I5rJqQVAO1dYAoGEm3OWuwgP+iHItznshJ9gf3PVZ35fKH/wr1kB7seQIRrvTgeM:OjAoYAopzwgGQcnDfVZpfnxmslIj0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5f0371f77381c57bfba9b364adc33997_JaffaCakes118
Files
5f0371f77381c57bfba9b364adc33997_JaffaCakes118.sys windows:5 windows x86 arch:x86
f697b2a073cf1d78640926db3502019d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\pspkiller\objchk_wxp_x86\i386\PspKiller.pdb
Imports
ntoskrnl.exe
ObReferenceObjectByHandle
PsCreateSystemThread
PsTerminateSystemThread
ExFreePoolWithTag
ExAllocatePoolWithTag
IoDeleteDevice
IoCreateSymbolicLink
KeWaitForSingleObject
IoDeleteSymbolicLink
IofCompleteRequest
ObfDereferenceObject
PsLookupProcessByProcessId
KeTickCount
RtlInitUnicodeString
IoCreateDevice
MmGetSystemRoutineAddress
hal
KfRaiseIrql
KeGetCurrentIrql
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 179B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 644B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 166B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ