f:\winddk\demo\_netbot\i386\RiSing.pdb
Static task
static1
General
Target: 71545e4b6260385dfe848a4083b12bc1_JaffaCakes118
Size: 3KB
MD5: 71545e4b6260385dfe848a4083b12bc1
SHA1: ce6d76e366d69c7774dc5b517c3781661cb4f9c4
SHA256: 973d1d6f2b8193002f9852b4a8e0f900be5b13ee8156d2b24b6e1adfda9e2393
SHA512: 4cc83fc30c20aa81c2d01fd49ad57c4a1a907f49aff418bc96c1ce37ae18e641f13204ad0e632f84f8166d2a3140b691b83391ea036c6bde57b8eaed971689de
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 71545e4b6260385dfe848a4083b12bc1_JaffaCakes118
Files
71545e4b6260385dfe848a4083b12bc1_JaffaCakes118.sys windows:6 windows x86 arch:x86
e4135bd86bbacd8529b9f09fe38ae397
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForRead
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount
RtlUnwind
KeBugCheckEx
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 402B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ