I:\CPP\driver\fuse\fuse\DefendTrojan\objfre_w2k\i386\fuse.pdb
Static task
static1
General
Target: 27aa5ff109ebda695e1cdf94a46b0aae_JaffaCakes118
Size: 6KB
MD5: 27aa5ff109ebda695e1cdf94a46b0aae
SHA1: 34c908253f0db1c76b5d3bf9332f04a905300264
SHA256: e4b7ae6f077565ba5bf110336ea3e1482f20ebab98f06602d021682df998e18a
SHA512: c2e41ff791eeda1f1e1011a9934c0676d5355ca7eb087663ac978c5e4c1002e68a8aeeafea4f07e5d1bcc3d3117442b32b684d813ba1dabb5439e323bb2f8fb0
SSDEEP: 192:1HpffIfglaAnkCzY+gT0Ra10OI8Pdsil1EAAav4:j3ImHS0k0DZkFNv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 27aa5ff109ebda695e1cdf94a46b0aae_JaffaCakes118
Files
27aa5ff109ebda695e1cdf94a46b0aae_JaffaCakes118.sys windows:5 windows x86 arch:x86
c793c8b4eb3b5f46e7d65ffeb7a1a3de
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlInitUnicodeString
KeSetEvent
wcsncpy
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
ExFreePool
IoFreeMdl
MmUnlockPages
PsSetCreateProcessNotifyRoutine
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
ExAllocatePoolWithTag
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeServiceDescriptorTable
ZwDeviceIoControlFile
KeInitializeEvent
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeDelayExecutionThread
PsGetVersion
IoCreateSymbolicLink
IoCreateDevice
_except_handler3
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 896B - Virtual size: 870B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ