c:\winddk\demo\repairssdt\bin\i386\RepairSSDT.pdb
Static task
static1
General
Target: b0b0d192759b2d0cc9b76a2790f134cf_JaffaCakes118
Size: 16KB
MD5: b0b0d192759b2d0cc9b76a2790f134cf
SHA1: 1e64f4d1d0d457e0dd54d77f032177e9f2fa75e7
SHA256: 2704e393e03dda20510d922bf1c7cabf6e2b272ead59c572b6487604f92e088e
SHA512: f622556a12e9e8f223b39687601704bb18342b3a0b533df1bf8dd72c84a76a0a99c94ab85ec61d66cdf452e2fe2bb7e0a91105a1a2a38e10120c70d0ada69ffc
SSDEEP: 384:W5stUTfROv47SIVz2KgWLLz4Z/DUoA3It:W51ROy1VNz4Z/Dft
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b0b0d192759b2d0cc9b76a2790f134cf_JaffaCakes118
Files
b0b0d192759b2d0cc9b76a2790f134cf_JaffaCakes118.sys windows:6 windows x86 arch:x86
cd135e4a066ac902e2911fa6720bde40
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
IoCreateSymbolicLink
IoIsWdmVersionAvailable
IoCreateDevice
KeTickCount
RtlUnwind
KeBugCheckEx
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 412B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ