f:\winddk\demo\_darkshell\i386\DarkTest.pdb
Static task
static1
General
Target: aecaba4a43f9f3bbfb4a81f1e4355d9b_JaffaCakes118
Size: 4KB
MD5: aecaba4a43f9f3bbfb4a81f1e4355d9b
SHA1: a8e2d8482a7b226550691a85eaba1be246b78683
SHA256: 5e4d25824936afa2897630489b17918a23430bd19a9e955ba90f1de2a62640ad
SHA512: b57fffa4cc700b232f6fce16fb5e88d3227b38a6c86988c9eda6ada474cb3cfc17a060d17e5bf4ee1e6e869d707cc5d702435f4a5aafd020a09f371dd1efe956
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aecaba4a43f9f3bbfb4a81f1e4355d9b_JaffaCakes118
Files
aecaba4a43f9f3bbfb4a81f1e4355d9b_JaffaCakes118.sys windows:6 windows x86 arch:x86
d64d949c7aeef1ecc8baba73f5d0be0b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCompleteRequest
ProbeForRead
KeServiceDescriptorTable
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
memmove
RtlInitUnicodeString
KeTickCount
RtlUnwind
KeBugCheckEx
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 416B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ