c74ef6d0805cd0869a397ea1cf6365d3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c74ef6d0805cd0869a397ea1cf6365d3_JaffaCakes118
Size

4.8MB
MD5

c74ef6d0805cd0869a397ea1cf6365d3
SHA1

2334ca9c4129bdc95aaf1b6efdcb0e665029e607
SHA256

fb1681e5a629aa4963f197e8d8c46c0ce42c2fc7e9b588841f9e1cfb5947dcf9
SHA512

dee29477f0435a0bb202a82d8769a05eeae306cb4eb3cd44c4b84a5bdf0556d2b1a7d1dd9990e248ff8362e1f61e1e0e4c2d4e7d29c57e09e945c1939b21af97
SSDEEP

98304:mjI5OnA13ill4ma/TSOXHj1wOrBzgOautJ4Luu9LyhzBhXr9:m8uSQKS6HOOrp/auAKuByhzXXr9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

c74ef6d0805cd0869a397ea1cf6365d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

27/01/2017, 13:38

Not After

27/01/2018, 13:38

Subject

CN=Open Source Developer\, Oliver Valencia,O=Open Source Developer,C=DE,1.2.840.113549.1.9.1=#0c216b65726265726f733030324075736572732e736f75726365666f7267652e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

27/01/2017, 13:38

Not After

27/01/2018, 13:38

Subject

CN=Open Source Developer\, Oliver Valencia,O=Open Source Developer,C=DE,1.2.840.113549.1.9.1=#0c216b65726265726f733030324075736572732e736f75726365666f7267652e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:bf:4f:16:6b:f9:d3:24:48:4a:96:5d:3a:ad:ad:e2:f8:ea:f4:bd:5c:de:8e:08:4a:21:08:a0:63:fb:e8:02
Signer

Actual PE Digest

41:bf:4f:16:6b:f9:d3:24:48:4a:96:5d:3a:ad:ad:e2:f8:ea:f4:bd:5c:de:8e:08:4a:21:08:a0:63:fb:e8:02

Digest Algorithm

sha256

PE Digest Matches

false

1f:40:ad:97:66:00:87:4b:51:5c:ee:38:6c:01:85:0d:da:c8:d8:3f
Signer

Actual PE Digest

1f:40:ad:97:66:00:87:4b:51:5c:ee:38:6c:01:85:0d:da:c8:d8:3f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 46KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

41:bf:4f:16:6b:f9:d3:24:48:4a:96:5d:3a:ad:ad:e2:f8:ea:f4:bd:5c:de:8e:08:4a:21:08:a0:63:fb:e8:02Signer

1f:40:ad:97:66:00:87:4b:51:5c:ee:38:6c:01:85:0d:da:c8:d8:3fSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 46KB - Virtual size: 112KB

Size: 15KB - Virtual size: 67KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 68KB - Virtual size: 67KB

.themida Size: - Virtual size: 6.4MB

.boot Size: 4.6MB - Virtual size: 4.6MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

41:bf:4f:16:6b:f9:d3:24:48:4a:96:5d:3a:ad:ad:e2:f8:ea:f4:bd:5c:de:8e:08:4a:21:08:a0:63:fb:e8:02
Signer

1f:40:ad:97:66:00:87:4b:51:5c:ee:38:6c:01:85:0d:da:c8:d8:3f
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 68KB - Virtual size: 67KB

.themida
Size: - Virtual size: 6.4MB

.boot
Size: 4.6MB - Virtual size: 4.6MB