PDB path: C:\builder\BUILDER2_LDR\DrvCryptor\AsmTmp\crypted.pdb
Static task
static1
General
Target: 0dd989acfe3910547e2b87ee177d60c8_JaffaCakes118
Size: 36KB
MD5: 0dd989acfe3910547e2b87ee177d60c8
SHA1: b2011d5b21ca93ae1dff7b0d77c29c6379dac415
SHA256: 9578940c77ccbab365ce5d23179d15431e62beb7590bd6d47adbaa17ed43d50c
SHA512: 748d629910464c0d0bc8bdbc5bd99780ffce1b40f7844c0427b0089ff4630b9dc4a9c5d54b2111313b2ff0af7a8ab69966bff6cef4141de2b53a5808edf676aa
SSDEEP: 384:AWQG3wvaIWi+lSZrOl4LOTn5YZsAltxZWSq1kQcGlWQJgM5vxIe96aYVRfU3s6ja:aGgv0SFo5gsynEYGUQxkaYVk
Malware Config
Signatures
-
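Unsigned PE (1 IoC)
The PE file has no Authenticode signature. A missing signature is a weak indicator by itself and should be read together with the other findings in this report.
resource: 0dd989acfe3910547e2b87ee177d60c8_JaffaCakes118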
Files
-
0dd989acfe3910547e2b87ee177d60c8_JaffaCakes118.sys windows:5 windows x86 arch:x86
168b074dc4146bc6123f415acd649f38
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
ExAllocatePoolWithTag
ExFreePoolWithTag
memcpy
memset
strlen
_allshr
ExAllocatePool
_stricmp
strncmp
KeTickCount
MmIsAddressValid
_allshl
hal
HalMakeBeep
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 170B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 400B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 226B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ