e:\我的软件\gh
Static task
static1
General
Target
db4884c97081a99e16d479e610c25e2f_JaffaCakes118
Size
3KB
MD5
db4884c97081a99e16d479e610c25e2f
SHA1
f8c675d6b4083c20bf5d86f93756ceb460417d76
SHA256
049342ac614ae520b059c88fd089fd0dfbab85acf53815cf07be24472575ec78
SHA512
8f2de979c32a030d74fb2d571c6ea7332ac25979d910b68e88c1e7430fa4021a7b65ccec225ddc11478dff483af7540a6c4d88af7175c2171d1daed9b0e6d044
Malware Config
Signatures
Unsigned PE 1 IoCs
Flags a PE file that has no Authenticode signature; the resource listed below is the unsigned file.
resource db4884c97081a99e16d479e610c25e2f_JaffaCakes118
Files
db4884c97081a99e16d479e610c25e2f_JaffaCakes118.sys windows:5 windows x86 arch:x86
b4e994c7767c98757247d48a667de7e2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IoDeleteDevice
DbgPrint
IoDeleteSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount
Sections
.text Size: 768B - Virtual size: 712B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 418B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ