PDB path: f:\winddk\demo\_netbot\i386\RiSing.pdb
Static task
static1
General
-
Target
a20406209a7b8e9b11d51c64bd6c7a02_JaffaCakes118
-
Size
2KB
-
MD5
a20406209a7b8e9b11d51c64bd6c7a02
-
SHA1
6db3ccf9c5d6e2bf668d6fc67c0bd80ec344604c
-
SHA256
a0d7ac104d987d7c62e868956771378ff06f731a7a88e891fcfe93e896be76a9
-
SHA512
e87b8cecc82b7c7a32996f0f62be2156dd3c68258eb9071ec6e8a517b664a4698a001c7e91ff5ea7670e06c7f45c4a0d72529a83c6e98065d945eb1c40063d2a
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Static check for an Authenticode signature: none is present, so the file is unsigned.
resource a20406209a7b8e9b11d51c64bd6c7a02_JaffaCakes118
Files
-
a20406209a7b8e9b11d51c64bd6c7a02_JaffaCakes118.sys windows:5 windows x86 arch:x86
7b09f89a12316b7f7ee5502774a60051
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
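KeServiceDescriptorTable (the kernel's exported system service dispatch table on x86; a driver that imports it can read or modify system-call entries, so this import is worth checking for SSDT hooking, though it is not conclusive on its own)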
ProbeForRead
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount
Sections
.text Size: 768B - Virtual size: 712B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 378B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 102B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ