PDB path: e:\driverex\i386\Driver.pdb
Static task
static1
General
-
Target
b08c1b621f32c7ee0defb83a70842384_JaffaCakes118
-
Size
3KB
-
MD5
b08c1b621f32c7ee0defb83a70842384
-
SHA1
c140506c546ead8f7255e21538dd057000e5e35b
-
SHA256
825a11a57854c5f8a505f408261cae926ae186dc8e0d52e0d8dc9cf08f9284fb
-
SHA512
e8d1606c5651f98fe7b3394760b14b8ce3887b6171506cdb808e10287ea07c6d8fab14d53ce91128d82c6601327f143fee2456ded030ce3723f73512fe5e3787
Malware Config
Signatures
-
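Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this kernel-mode driver (.sys) carries none. Because the image is 32-bit x86, the kernel-mode code-signing requirement enforced on 64-bit Windows would not by itself have stopped it from loading on a 32-bit system.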
resource b08c1b621f32c7ee0defb83a70842384_JaffaCakes118
Files
-
b08c1b621f32c7ee0defb83a70842384_JaffaCakes118.sys windows:5 windows x86 arch:x86
972d9960a5503aad373cdcdcadc556f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ZwTerminateProcess
ExFreePoolWithTag
KeServiceDescriptorTable
ObfDereferenceObject
KeInsertQueueApc
KeInitializeApc
ExAllocatePoolWithTag
ObReferenceObjectByPointer
PsThreadType
PsLookupThreadByThreadId
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount
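KeBugCheckEx
Triage note: this import table shows capability only, not confirmed behavior. KeServiceDescriptorTable alongside MmCreateMdl, MmBuildMdlForNonPagedPool and MmMapLockedPages is the pattern usually associated with drivers that remap and modify the system service table; KeInitializeApc and KeInsertQueueApc with PsLookupThreadByThreadId point to queuing APCs to a selected thread; ZwTerminateProcess allows process termination from kernel mode. Confirm against disassembly or dynamic analysis before attributing behavior.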
Sections
.text Size: 896B - Virtual size: 838B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 728B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 142B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ