PDB path embedded in the binary: C:\sys\i386\agony.pdb
Static task
static1
General
-
Target
627491169f35f81a5608a28bef261fd9_JaffaCakes118
-
Size
11KB
-
MD5
627491169f35f81a5608a28bef261fd9
-
SHA1
26c225c1b014f62dbfbaabc7bda85df0d098d08d
-
SHA256
270f66d646e685c87708eeffa6df6063afac0fdc16ae7dfeeee1b8809854fc37
-
SHA512
ce1e57ef607ccc6885ed1bf1106493748202b128dcfc5c6f5ac0a01aec8a34d5681ad573f9e068c361434bba5b2e8644941fa743e3cefebceb25982bc5ca9d9a
-
SSDEEP
96:M7h7gR12FnaIj29a8nuGY7zFe+p6/xunolosMt/oR4Nh1U:qhS8Fadte7xe6NoW6K+
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The file carries no Authenticode signature. Because this is an x86 kernel-mode driver (.sys), note that 32-bit Windows does not enforce driver signing, so an administrator can still load it; on 64-bit Windows with driver signature enforcement it would be refused or require test-signing/DSE bypass.
resource 627491169f35f81a5608a28bef261fd9_JaffaCakes118
Files
-
627491169f35f81a5608a28bef261fd9_JaffaCakes118.sys windows:5 windows x86 arch:x86
f9379e4e70759ed0a4b28f88f1b1c760
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe (the only import module; all imports resolve against the kernel image)
Note (review): the import set below is worth calling out. KeServiceDescriptorTable together with MmCreateMdl / MmBuildMdlForNonPagedPool / MmMapLockedPages is the pattern commonly used to obtain a writable mapping of the SSDT, and ZwQueryDirectoryFile / ZwQuerySystemInformation / ZwQueryVolumeInformationFile / ZwDeviceIoControlFile are the system services such hooks typically replace to hide files, processes and network activity. ZwOpenProcess / ObReferenceObjectByHandle / KeAttachProcess / KeDetachProcess with MmHighestUserAddress / MmIsAddressValid are consistent with touching another process's user-mode memory. This is inferred from the import table alone and should be confirmed against a disassembly of DriverEntry before being treated as established behaviour.
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
IoFreeMdl
MmUnmapLockedPages
ZwQueryVolumeInformationFile
ZwDeviceIoControlFile
ZwQueryDirectoryFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
IofCompleteRequest
ExAllocatePoolWithTag
wcslen
IoCreateSymbolicLink
IoCreateDevice
ZwClose
ObReferenceObjectByHandle
ZwOpenProcess
_strnicmp
MmIsAddressValid
KeDetachProcess
MmHighestUserAddress
ZwQueryInformationProcess
KeAttachProcess
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 202B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 760B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 416B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ