1339d9b2e6286b64fadaa6f8fad00091_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1339d9b2e6286b64fadaa6f8fad00091_JaffaCakes118
Size

9.8MB
MD5

1339d9b2e6286b64fadaa6f8fad00091
SHA1

47585a5bd08ecd1f939ebd0c2e74504376855146
SHA256

1555d682a099098621079072db88e6cbd306f92b9ccd4db4ad6485dd6d81fe50
SHA512

572ff0bb039f77748ec36ac39e80e4f18af7364599b450a107345f608eef1587314ca50a82b4c35290107e881916dcbcc444b29692b59b3d73aa3f7f3c3ac570
SSDEEP

196608:Um1Tp/z6x0Agp9TvLANmYsXN8Zv4wZ+tpTKKPYPLxMSsVV:B1RO6BHvMNmYE8ZvitpbYhsVV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1339d9b2e6286b64fadaa6f8fad00091_JaffaCakes118

Files

1339d9b2e6286b64fadaa6f8fad00091_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 6.9MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ