PDB path embedded in the sample (listed under "PDB Paths" below): C:\WINDDK\3790~1.183\drv\objfre_wxp_x86\i386\cabasso.pdb
Static task
static1
General
-
Target
d4bbcf9f9420ea650b4c70186c80d655_JaffaCakes118
-
Size
13KB
-
MD5
d4bbcf9f9420ea650b4c70186c80d655
-
SHA1
5b95f83b45be2d81816f7b9ae9324729555e3ebf
-
SHA256
4154afc72b20660954bf6a90d05c4c30936692c989414539c504bfca0fe2c5a3
-
SHA512
4ece49b3b79ff2a5bfda01a26b98e5dc44ef0b761a5f365ea16f39cc80955078aa222e1a9224918fbec5b87543c9cd9a62f83f99e8f3e73edc32783666439c7e
-
SSDEEP
192:NyGkwFJueF9ULovMAcNplHcjQaZ/XNcCkALuONM3+vlcdrw1tL3L:N8AcTMKA7E+orQdL
Malware Config
Signatures
-
Unsigned PE 1 IoCs
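The static analysis found no Authenticode signature on this PE file; this is a check made by the analysis tool, not a behaviour of the sample. The file is a kernel-mode driver (it imports from ntoskrnl.exe and hal), so its publisher cannot be verified from a signature, but a missing signature on its own does not establish that the file is malicious.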
resource d4bbcf9f9420ea650b4c70186c80d655_JaffaCakes118
Files
-
d4bbcf9f9420ea650b4c70186c80d655_JaffaCakes118.sys windows:5 windows x86 arch:x86
21021bcb8bd4abfb7ecef81a4049afed
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoDeleteSymbolicLink
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwClose
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
IoAllocateIrp
IoDeleteDevice
hal
KeGetCurrentIrql
Sections
.text Size: 1024B - Virtual size: 970B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 205B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 768B - Virtual size: 666B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ