PDB path: c:\hideprocesshookmdl\sys\i386\hideprocess.pdb
Static task
static1
General
-
Target
6fd107215f01431a928a643cca843791_JaffaCakes118
-
Size
2KB
-
MD5
6fd107215f01431a928a643cca843791
-
SHA1
a1b0ae0455f2cd3fc4d447d055621993c53fe74c
-
SHA256
b531c9b8b4468c2d72ef83ca1b321df264a0ee734d86e405589cf23943e6e5d9
-
SHA512
6e1adefb8fa066a3cbd7d5a8c4b8657cb5919fbf1b959372f078930c851881e0ce34957b5ef9aa5118495729b431dfd1c73afbd7bc7cc0ec0b0f03ed5766a31c
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags PE files that lack an Authenticode signature; this sample is unsigned.
resource 6fd107215f01431a928a643cca843791_JaffaCakes118
Files
-
6fd107215f01431a928a643cca843791_JaffaCakes118.sys windows:6 windows x86 arch:x86
8642fd182ee3c21675208e2f524072c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\hideprocesshookmdl\sys\i386\hideprocess.pdb
Imports
ntoskrnl.exe
IoFreeMdl
MmUnmapLockedPages
ZwQuerySystemInformation
DbgPrint
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
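KeServiceDescriptorTable
KeTickCount
Note: an import of KeServiceDescriptorTable alongside the MDL routines (MmCreateMdl, MmBuildMdlForNonPagedPool, MmMapLockedPages) and ZwQuerySystemInformation is consistent with a driver that alters the system service table to filter process listings, which matches the "hideprocess" PDB path. This is inferred from the static imports only; the report records no behavioural confirmation.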
Sections
.text Size: 640B - Virtual size: 574B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 147B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 340B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ