PDB path: C:\pro1\i386\msdirectx.pdb (build-time debug-symbol path embedded in the binary; the name mimics a Microsoft DirectX component, but since the sample carries no Authenticode signature — see Signatures — the name is not evidence of provenance)
General
Target
43da616d36e03b2ea02238bd32189711_JaffaCakes118
Size
5KB
MD5
43da616d36e03b2ea02238bd32189711
SHA1
ab83014f53e384763a8b5b4b1d49ad5415d86538
SHA256
5b8632b9baff4bd10869b5efbe7fd9c7880bf808767180c4500fdb65c7e1840d
SHA512
6e2901c5d8b1af088b77097feabc27a541083b432d4de4603db18ea2b575216a527b6f07ed2bd47f4d49b90c53defb401d44575d2b88c53a622155e5ce5923bf
SSDEEP
96:nLs7t96wVGW84lk5dNPMpQhCSA7u84yqIBZ2nnHnnn:nujGpdNPMmhCLqK8nHn
Malware Config (none extracted by the analyzer for this sample)
Signatures
YARA rule match: vmprotect (rule hit on the sample resource). This agrees with the .vmp0/.vmp1 sections listed under Sections and indicates the driver is VMProtect-protected, so the static import table and on-disk section contents below are unlikely to reflect the full runtime behavior.
Unsigned PE (1 IoC): the binary carries no Authenticode signature.
Caveat for triage: this is a 32-bit kernel-mode driver (.sys, IMAGE_DLLCHARACTERISTICS_WDM_DRIVER, IMAGE_FILE_32BIT_MACHINE). 32-bit Windows does not enforce kernel-mode code signing, so an unsigned driver of this kind can still be loaded there; 64-bit Windows would refuse it unless test signing or another bypass is in use.
resource 43da616d36e03b2ea02238bd32189711_JaffaCakes118
Files
43da616d36e03b2ea02238bd32189711_JaffaCakes118.sys windows:5 windows x86 arch:x86 (the .sys extension, the WDM driver characteristic and the ntoskrnl.exe-only imports identify this as a kernel-mode driver; "windows:5" is presumably the PE's target OS version field)
5cecd43962892c56a53648ee6e68b9d7 (32-hex digest the analyzer lists under the file entry — it differs from the file MD5 above and is presumably the import hash; confirm in the original report before using it as an indicator)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the extracted path, C:\pro1\i386\msdirectx.pdb, appears at the top of this page rather than in this list)
Imports (ntoskrnl.exe is the only import module; IoCreateDevice/IoCreateSymbolicLink and their IoDelete* counterparts are the standard device-object setup and teardown, IofCompleteRequest completes I/O requests, and IoGetCurrentProcess together with strncmp suggests — unconfirmed — some comparison involving the calling process. Because the sample is VMProtect-packed, treat this list as incomplete: further kernel APIs may be resolved at runtime.)
ntoskrnl.exe
strncmp
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoGetCurrentProcess
IofCompleteRequest
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
Sections
.text Size: 1024B - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256B - Virtual size: 207B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 268B (flagged writable as well as executable below — a W^X violation; a driver's INIT section is typically read/execute and discardable, so this is worth noting alongside the VMProtect sections)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 128B - Virtual size: 100B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 2KB - Virtual size: 2KB (VMProtect section; code that is both writable and executable, consistent with code being unpacked or virtualized at runtime — the on-disk bytes here are likely not the code that ultimately executes)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ