E:\3790\ak922beta2\objfre_wxp_x86\i386\AK922.pdb
Static task
static1
General
Target
94fe3a72378e5f66c7c602e2d9cdea5e_JaffaCakes118
Size
7KB
MD5
94fe3a72378e5f66c7c602e2d9cdea5e
SHA1
8036ac65905bdab1dd6eaf214013d694c66ec3dd
SHA256
b1ade88e081caa0c0a04f22c2d38716a32ddefda24e7d53e70f6f32cec4aa237
SHA512
88c080c04376780b0072078489e2364d39dd77ecc77f673ddc499eb3a6778919832b5c32ba99ea067dc550348f307765d05ec460d4e78547d98373f6fc04be4c
SSDEEP
96:PntYsz7zPyM0z92gpzp7vxL/QnyUqt6Zf8hrXdtjJMgKoieO:/tYsz7Tylz92gpN7vUyUqtjMgdil
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 94fe3a72378e5f66c7c602e2d9cdea5e_JaffaCakes118
Files
94fe3a72378e5f66c7c602e2d9cdea5e_JaffaCakes118.sys windows:5 windows x86 arch:x86
ecd47a99d16d53b5948103c842a5159f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ObQueryNameString
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
_strnicmp
KeDetachProcess
ProbeForWrite
KeAttachProcess
_except_handler3
IoFreeIrp
IofCallDriver
_wcsnicmp
IoAllocateIrp
ExQueueWorkItem
IoGetCurrentProcess
IoThreadToProcess
memmove
IofCompleteRequest
IoDeleteDevice
IoCreateDevice
MmGetSystemRoutineAddress
KeQueryInterruptTime
KeTickCount
KeQuerySystemTime
KeGetCurrentThread
ExFreePoolWithTag
hal
KeGetCurrentIrql
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 269B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 896B - Virtual size: 775B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 734B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ