F:\driver\RESSDT\i386\RESSDT.pdb
General
-
Target
f2f8031fb0e6a2284e99b505fc227f41_JaffaCakes118
-
Size
6KB
-
MD5
f2f8031fb0e6a2284e99b505fc227f41
-
SHA1
5379a5028e4d5dda7a76a1f97ba5bdbf985e8614
-
SHA256
ad9a6b525aa995da3df045d83c56a64618f25607de751854f5ed4b24c60fea3f
-
SHA512
f820b2336e48247855cbf1dcc14697a044ea3034ee23e98e8d4b1a2bf7f376279dbaddb60b48302abd66d35412873e009ca51d827f3c0902f76dd13c46a0e9d8
-
SSDEEP
96:U7ALhTP174T+vUxFMKw+87E3BGxFGiJDIk4KtbqR9XJQQUnnHnnn:UEj4TJ7MF2IxQit4GORNmQUnHn
Score
7/10
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f2f8031fb0e6a2284e99b505fc227f41_JaffaCakes118
Files
-
f2f8031fb0e6a2284e99b505fc227f41_JaffaCakes118.sys windows:5 windows x86 arch:x86
c4b7c8fabc366471234f118f99623680
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_except_handler3
Sections
.text Size: 768B - Virtual size: 684B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 149B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 324B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 128B - Virtual size: 86B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 640B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ