PDB path: d:\programs\siberia2\protect\objfre_wxp_x86\i386\protect.pdb
Static task
static1
General
-
Target
8e260b6369eeb318ec1541a18ebc0cf0_JaffaCakes118
-
Size
31KB
-
MD5
8e260b6369eeb318ec1541a18ebc0cf0
-
SHA1
e331acd9acb5292a6d9d4db5200a2c8229d31578
-
SHA256
d83e8a22933808f42d827f97e794c658ab46f86404d33293627641e57801b8dd
-
SHA512
e3f377820c4070980adefb0db2c66894ad15cd6b383bbc7f33167d9f1ddcc945cc1f26b7930fb321d0bd2775d73d75d75d5762bc330d720e59c1570fe02b6edd
-
SSDEEP
384:/leNbcEGEJ1R1DLX8gZrKVm2kUIwDot8qU4zuCAR9lWoCvuBkr/rgPnTM8xV2Bm8:koE9zR5r8gZuM2ZIwIbAjMRgv1V
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 8e260b6369eeb318ec1541a18ebc0cf0_JaffaCakes118
Files
-
8e260b6369eeb318ec1541a18ebc0cf0_JaffaCakes118.sys windows:6 windows x86 arch:x86
b51d29b3530d25827573676942998e55
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
memcpy
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 145B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 256B - Virtual size: 156B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 110B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ