E:\work\malwar\hard\KernelCopy\kcprk\i386\kcp.pdb
Static task
static1
General
Target: 2242eaac196e261eec772fc83a39b71e_JaffaCakes118
Size: 4KB
MD5: 2242eaac196e261eec772fc83a39b71e
SHA1: f3374b6a7e524032b6a4ae08a82f7c02a222cc3b
SHA256: e0e5f504e03e9facdf5962eaafabd866ce0340753e7ad999923d77ae455960b8
SHA512: 89050ef092d3b1b02b6106e86e4a6af62c7eb73e359cd50090ee1a3e5cf20eea6d23ba9e0af23d72598a332e25dce309d6b75c534c8130a4a186a763b7249ca1
SSDEEP: 48:q/A6ceW3oojZXaFCidEWJ1zZeOCaH4qudLWwtEJLecaDIWGouzaTgiRRLRrh:Q1ceWfjlkEWPok4quRWk9caD0oSeRR1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2242eaac196e261eec772fc83a39b71e_JaffaCakes118
Files
2242eaac196e261eec772fc83a39b71e_JaffaCakes118.sys windows:5 windows x86 arch:x86
5d9f5b727e88719ace85a1e970387952
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\work\malwar\hard\KernelCopy\kcprk\i386\kcp.pdb
Imports
ntoskrnl.exe
ZwCreateFile
RtlInitUnicodeString
ZwReadFile
ZwWriteFile
ZwClose
NtBuildNumber
PsLookupProcessByProcessId
ZwQueryValueKey
ZwOpenKey
memmove
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 222B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 256B - Virtual size: 130B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ