PDB path: c:\0bulknet\build_root\r-loader.25\root\i386\main.pdb
Static task
static1
General
-
Target
397771f70ebaa30a42bdb0390f9ced61_JaffaCakes118
-
Size
32KB
-
MD5
397771f70ebaa30a42bdb0390f9ced61
-
SHA1
a4b9b39fd222c0ce87daf36de1f403e0730b410d
-
SHA256
3d7eefc99b323ba3a1f76b4d711f31a219e6b3d82d6ec0d741f248f5e372706c
-
SHA512
eaa6b59d1138a6e80014dd2996bdc3fb3a2d07d46acb0559889d0e87d5b3f10a43f1696db075ec85e441617331cc96d6ce5afb11d86e498fe144b8bf93ecfcff
-
SSDEEP
768:KGjt2I3HW4XcFsjq+oUqiV7W0mie17n5Pgk:KUMGJW0mh17P
Malware Config
Signatures
-
Unsigned PE 1 IoCs
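Checks for a missing Authenticode signature: the file carries none. The sample is a kernel-mode driver (.sys, importing only from ntoskrnl.exe), where an unsigned image is more notable than for an ordinary user-mode executable.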
resource 397771f70ebaa30a42bdb0390f9ced61_JaffaCakes118
Files
-
397771f70ebaa30a42bdb0390f9ced61_JaffaCakes118.sys windows:5 windows x86 arch:x86
ce93aa5dd9172783cf29c7ee24bb55b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the extracted path is listed on the first line of this page)
Imports
ntoskrnl.exe
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ZwOpenFile
ZwReadFile
ZwWriteFile
ZwClose
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
NtBuildNumber
ZwCreateFile
wcscpy
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 234B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 640B - Virtual size: 607B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 640B - Virtual size: 532B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 256B - Virtual size: 246B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ