F:\driver\RESSDT\i386\RESSDT.pdb
General
-
Target
2e37ed298973859afc92f400117e5f02_JaffaCakes118
-
Size
6KB
-
MD5
2e37ed298973859afc92f400117e5f02
-
SHA1
e6956d2397bfed60167cc4d87f17ed28480521c9
-
SHA256
694afd1d52e7978b7beb25b727c62e541a432d0fbce28f8c84503d108ed4ba91
-
SHA512
4c88543e430435ef923f43b7e74e6685e8dd9836d85dc4f3b5115472b59724d1011e61a8c6ea189972a937c1ca47432759823e794048e8c96d24dce5ba7d3854
-
SSDEEP
96:U7i3hNIP17Q78SUqYsAGldSJFYEsUc7Gl4tEY7VzNI9GTnWHHHp:UWOLSUqRKTcCl6EWV5I9GTWn
Score
7/10
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2e37ed298973859afc92f400117e5f02_JaffaCakes118
Files
-
2e37ed298973859afc92f400117e5f02_JaffaCakes118.sys windows:5 windows x86 arch:x86
c4b7c8fabc366471234f118f99623680
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
IofCompleteRequest
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_except_handler3
Sections
.text Size: 768B - Virtual size: 684B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 149B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 324B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 128B - Virtual size: 86B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 640B - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ