PDB path: f:\setting\desktop\xbuilder\sys\i386\RESSDT.pdb
Static task
static1
General
-
Target
b2e266d1adf43d95472248146f3ce001_JaffaCakes118
-
Size
16KB
-
MD5
b2e266d1adf43d95472248146f3ce001
-
SHA1
9adc630e40e2476d8a5cc52ee1bb474ebe77a315
-
SHA256
39b38f91dc39266481b33f3ee5a7b1f7a77500625d367e63f5949b215446c818
-
SHA512
1a68548c6d23f6e9b71d45f2a16ef00e8835bc96bcbe66b60e2e40a9e6a115c750f2322e76e0849850da6c0dee477dd022b8a582a9c2cf26a6e495257659ef44
-
SSDEEP
192:yp5NVM2lFo7YkYyMde+qoUiidmGnuOKcfq80L:gNVM2lFo7YTn1idmGnuOKcC80L
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature.
resource b2e266d1adf43d95472248146f3ce001_JaffaCakes118
Files
-
b2e266d1adf43d95472248146f3ce001_JaffaCakes118.sys windows:5 windows x86 arch:x86
827ca326a7b8dd460d7d11810f71dbcd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlFreeUnicodeString
ZwClose
ZwReadFile
ZwSetInformationFile
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeServiceDescriptorTable
KeTickCount
KeBugCheckEx
Sections
.text Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 454B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ