PDB path: d:\programs\siberia2\protect\objfre_wxp_x86\i386\protect.pdb
Static task
static1
General
-
Target
53b1e16e8743409d381bb774582c22e4_JaffaCakes118
-
Size
29KB
-
MD5
53b1e16e8743409d381bb774582c22e4
-
SHA1
23a66ac7d4ca8786f02deeccae0091fd52d5efd0
-
SHA256
e2c09b8ddf133e3c3873b7e28ada316d2ca27e1d8c337d777d05720e3b2c9336
-
SHA512
b1ab6e8ffc863351a18a4f524d5dea1f2462171ce493921140518bf4041cbeabd2999525eeeae49069c86aab4464731491075a974bfe7aea022112fb3fb2fce9
-
SSDEEP
384:xjcXS1Og2MV2HIqWD0ZvmmnL9AXUbn5Cxs7Ec7M2EVdMTz9Qdz:DB7il/9FbK2aMf9Q
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; this sample has none.
resource 53b1e16e8743409d381bb774582c22e4_JaffaCakes118
Files
-
53b1e16e8743409d381bb774582c22e4_JaffaCakes118.sys windows:6 windows x86 arch:x86
fd056cefb51e16931d199a85a9f02eec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\programs\siberia2\protect\objfre_wxp_x86\i386\protect.pdb
Imports
ntoskrnl.exe
memcpy
strcmp
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
memset
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 145B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 256B - Virtual size: 184B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ