bc725dcaf8fee055cb58019fce2e93cc_JaffaCakes118

General

Target

bc725dcaf8fee055cb58019fce2e93cc_JaffaCakes118
Size

24KB
MD5

bc725dcaf8fee055cb58019fce2e93cc
SHA1

a1bf2c602581f96d32459e56e9663e5de0c9a02a
SHA256

e1d02a7c23b7d1ff37ac8d66be937a67e17568802c47481051233050f69be1cb
SHA512

cefc4ebe54b57e1e55bb0790026c126aa64da2c8a606a92be0bbfd7feff10f7304d00ccd3a667214b4eb9411af602c540102cce1e67bac074282e89f6e7c4c25
SSDEEP

384:iF4TXQYJ2VQOOwHshPB3abwRm4IXSfuhy/jso9uT+quEOjBMoJ8:G4bQYJ2Vm4bwmXSUy/jso5zMG8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc725dcaf8fee055cb58019fce2e93cc_JaffaCakes118

Files

bc725dcaf8fee055cb58019fce2e93cc_JaffaCakes118
.sys windows:6 windows x86 arch:x86

78cddf353b934df19bda9d035be73808

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

crcdisk.pdb

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
KeInitializeEvent
IoCreateDevice
memset
IofCompleteRequest
PoCallDriver
PoStartNextPowerIrp
IoQueueWorkItem
IoFreeMdl
MmMapLockedPagesSpecifyCache
memcpy
KeTickCount
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoAllocateWorkItem
KeBugCheckEx
KeWaitForSingleObject
IofCallDriver
KeSetEvent
KeGetCurrentThread
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeIrp
IoReuseIrp
IoAllocateIrp
MmUnlockPages
MmProbeAndLockPages
RtlUnwind
IoFreeWorkItem
IoDetachDevice
InitSafeBootMode
IoDeleteDevice

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78cddf353b934df19bda9d035be73808

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 512B - Virtual size: 356B

.data Size: 1KB - Virtual size: 1KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 1022B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 534B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 356B

.data
Size: 1KB - Virtual size: 1KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 1022B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 534B