C:\a\GameHack\RegDriver\objfre\i386\Reg.pdb
Static task
static1
General
-
Target
573fe7adc68d5c9b49139599539bf51d_JaffaCakes118
-
Size
3KB
-
MD5
573fe7adc68d5c9b49139599539bf51d
-
SHA1
419711f64362ffcd0db945ea6e036ea197617667
-
SHA256
c20129665bb05628aa64a98777a91c3f3861f90407ebcbebf5fed6fd408a5d08
-
SHA512
42b033042cf154c946844567e9295304145f5624307b1732b7944b8bfefeb754dbf06d1d4f9e76991c183e94f65b2e984318a5443958e9b13edd401e66523eaa
Malware Config
Signatures
-
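Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The sample is a 32-bit kernel-mode driver (a .sys file importing only from ntoskrnl.exe), so the absent signature should be weighed together with the imports and PDB path listed in this report rather than read as a verdict by itself.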
resource 573fe7adc68d5c9b49139599539bf51d_JaffaCakes118
Files
-
573fe7adc68d5c9b49139599539bf51d_JaffaCakes118.sys windows:5 windows x86 arch:x86
29b24ee9350c2c96fbb35208a8163bd1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\a\GameHack\RegDriver\objfre\i386\Reg.pdb
Imports
ntoskrnl.exe
ZwClose
ZwSetValueKey
wcslen
ZwOpenKey
RtlInitUnicodeString
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
wcscat
Sections
.text Size: 896B - Virtual size: 888B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 128B - Virtual size: 3B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 932B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 74B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ