d:\ressdt\I386\ressdt.PDB
General
-
Target
f5f058e747a1b6570feac048bc5946ab_JaffaCakes118
-
Size
26KB
-
MD5
f5f058e747a1b6570feac048bc5946ab
-
SHA1
ca949dd0bf64c902dd9e60afcabd2180670fdf47
-
SHA256
87133ea9334de288f2deb768d6533c849fdbb23aab11f933aef73ddfca072929
-
SHA512
18383d950ade52c055005e56cb6772c9e6f568e410a006766dd6a065f7c2e255f3c73b7c36cf37e2d60f46695e1d63a526270c251718749507bbf937e58278bb
-
SSDEEP
768:78/wXVaNEW8B+VYPykhxwIRlHUcxTAPMGRNT:sAVUEdBq+ucx0PMSJ
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f5f058e747a1b6570feac048bc5946ab_JaffaCakes118
Files
-
f5f058e747a1b6570feac048bc5946ab_JaffaCakes118.sys windows:5 windows x86 arch:x86
2d7db8c727ea186c5d443965a13bc45d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCompleteRequest
KeServiceDescriptorTable
ProbeForRead
ProbeForWrite
IoCreateSymbolicLink
DbgPrint
IoCreateDevice
RtlInitUnicodeString
_except_handler3
Sections
.text Size: 512B - Virtual size: 490B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 142B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 274B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 128B - Virtual size: 66B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 128B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ