c:\drvprojects\hideprocesshookmdl\hideprocesshookmdl\objfre_wnet_x86\i386\mprhp.pdb
Static task
static1
General
-
Target
d990c5d09e68a13de5b8afc997f4966a_JaffaCakes118
-
Size
4KB
-
MD5
d990c5d09e68a13de5b8afc997f4966a
-
SHA1
d300e1a84fcf0e296d4659b25aedfa6fa603388c
-
SHA256
846afda51edec09202209ae74575131ba558cbdfcf24fe4506a233054276ca49
-
SHA512
634c409651418e54ef80cd3b001aeee70f4aa27f5e9ec01fe50caa38a0e37fe33e7a6cce0068a9fb79174c2aec8654d19ed2c3a7bbccdc515f19288093ea0baf
Malware Config
Signatures
-
Unsigned PE 1 IoCs
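Checks for missing Authenticode signature. The file is an x86 kernel-mode driver (.sys); 64-bit Windows enforces driver signing at load time, whereas 32-bit Windows generally does not, so the missing signature does not by itself stop this build from loading on the architecture it targets.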
resource d990c5d09e68a13de5b8afc997f4966a_JaffaCakes118
Files
-
d990c5d09e68a13de5b8afc997f4966a_JaffaCakes118.sys windows:5 windows x86 arch:x86
8642fd182ee3c21675208e2f524072c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\drvprojects\hideprocesshookmdl\hideprocesshookmdl\objfre_wnet_x86\i386\mprhp.pdb
Imports
ntoskrnl.exe
IoFreeMdl
MmUnmapLockedPages
ZwQuerySystemInformation
DbgPrint
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
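KeTickCount
Analyst note: read together, KeServiceDescriptorTable, the MDL routines (MmCreateMdl, MmBuildMdlForNonPagedPool, MmMapLockedPages) and ZwQuerySystemInformation are consistent with a system service table hook that filters process listings, which matches the project name hideprocesshookmdl in the PDB path. Static import data does not confirm the behaviour; verify by disassembly, or on an isolated test system by comparing the in-memory service table entries against the on-disk kernel image.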
Sections
.text Size: 1024B - Virtual size: 602B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 162B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ