c:\users\muha\desktop\root\test\objchk_wxp_x86\i386\rootkit.pdb
Static task
static1
General
-
Target
396bda164e49532754c5d908cec96e9e_JaffaCakes118
-
Size
2KB
-
MD5
396bda164e49532754c5d908cec96e9e
-
SHA1
bae6ece770bf424f6d1ff2187c3bbe280a75bb88
-
SHA256
62f7ac1a58708d916a6f37b52ba93124a7829d20ae29bc9f34d4c1e95e4ee4b3
-
SHA512
417fad05fcc62fc642bd30efe42abda61e56cf0a245a1dc866d778fecefb24951e6755431a2444fc273a2bc88f248ca4f82db3f53754b1a2043368f48cb88d4c
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 396bda164e49532754c5d908cec96e9e_JaffaCakes118
Files
-
396bda164e49532754c5d908cec96e9e_JaffaCakes118.sys (tags: windows:6, windows, x86, arch:x86)
ecc6853444f9c361de3c7675727ba32f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\users\muha\desktop\root\test\objchk_wxp_x86\i386\rootkit.pdb
Imports
ntoskrnl.exe
strncmp
IoGetCurrentProcess
KeTickCount
DbgPrint
Sections
.text Size: 512B - Virtual size: 421B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 256B - Virtual size: 212B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ