PDB path embedded in the sample: c:\users\icyheart\docume~1\visual~1\projects\download\create~1\objfre_wxp_x86\i386\CreateHook.pdb
Static task
static1
General
-
Target
8c0f5ece6963bc1e86a5f7342336b78a_JaffaCakes118
-
Size
6KB
-
MD5
8c0f5ece6963bc1e86a5f7342336b78a
-
SHA1
000a57d8aad4bba3ecdd9d396c700def2fdbeb19
-
SHA256
6ba7a7c04c05c7b3f958e5d02c598c5e90d7f5d4cbcc7fd525b7e33864a09f41
-
SHA512
aec3d15d587440e18ab89adfe220e098bd5953e4083281964352895be1b75431bebf175c4b902086e6769cc24c363eb4fd38fbfdea4c675cf699c2041b8a7553
-
SSDEEP
96:rBV08f8mKSR3ez9qflAjef13Cv1OXU5P:rBV08f8fSR37+js13Cv1Ok5P
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Sandbox check for a missing Authenticode signature: the analysed PE file is not signed.
resource 8c0f5ece6963bc1e86a5f7342336b78a_JaffaCakes118
Files
-
8c0f5ece6963bc1e86a5f7342336b78a_JaffaCakes118.sys windows:6 windows x86 arch:x86
5dc5e1879517add633136b415416e9f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
strchr
DbgPrint
RtlCompareString
RtlInitString
ZwClose
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
RtlFreeAnsiString
ObfDereferenceObject
RtlUnicodeStringToAnsiString
ObReferenceObjectByHandle
memcpy
KeServiceDescriptorTable
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 442B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 610B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 256B - Virtual size: 186B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ