Static task
static1
General
Target
02ed076c499be5cb1a4950101017f76a_JaffaCakes118
Size
2KB
MD5
02ed076c499be5cb1a4950101017f76a
SHA1
0bb0777c58c02e6894d0435e894d3fde35ee81fe
SHA256
1dd63d2c884f22f853ac5d7b64143b8fb8dcd4148789fbabb52a97e243806563
SHA512
e5609980a706917911a604a7620dbce3ae6f3083485c27dc69eb805e759f7699c483966031cc11c17992817e4aa3bb6978ff215c1b50da0fb1ba48cd67ee3080
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 02ed076c499be5cb1a4950101017f76a_JaffaCakes118
Files
02ed076c499be5cb1a4950101017f76a_JaffaCakes118.sys windows:5 windows x86 arch:x86
c8c15557f9c4fc56d8265da6733a8672
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
ObfDereferenceObject
ObfReferenceObject
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
PsLookupProcessByProcessId
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
Sections
.text Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 189B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ