e82546e84b438af5a77729f44a73fbf8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e82546e84b438af5a77729f44a73fbf8_JaffaCakes118
Size

3.2MB
MD5

e82546e84b438af5a77729f44a73fbf8
SHA1

c883e0ea373ee8871bda8e5fd82c469aea2aef55
SHA256

7ba90bee9e6ee935e1422f5252a2e78f98948c374190e39b9e912233b94ae576
SHA512

67687eadae821fd146916dd703d5e74262887278f981eb285d55f271aca02a84b78c36822ba362a215ebd9e500d6053206acbe6a95494e0ab3494ac1992a3d41
SSDEEP

49152:Tf3NgYrSC70x3XpIvQFWc0Tv8Oilkz3Q3boHGkJSkvl24gK8e7tnC9rnZ+Y:TvaYp7QHd0Tv8tOzg3boHRJgt19rZB

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

e82546e84b438af5a77729f44a73fbf8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/01/2021, 06:35

Not After

29/01/2022, 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/01/2021, 06:35

Not After

29/01/2022, 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8e:ce:c1:3c:01:13:17:99:f4:3a:5c:1c:8a:4c:37:90:0d:3f:46:56:c8:6a:b9:dc:68:81:b8:b8:cd:1a:f5:91
Signer

Actual PE Digest

8e:ce:c1:3c:01:13:17:99:f4:3a:5c:1c:8a:4c:37:90:0d:3f:46:56:c8:6a:b9:dc:68:81:b8:b8:cd:1a:f5:91

Digest Algorithm

sha256

PE Digest Matches

false

a8:8d:d6:3d:dc:e2:a6:2f:89:28:eb:bb:f9:54:fb:7b:c9:64:42:da
Signer

Actual PE Digest

a8:8d:d6:3d:dc:e2:a6:2f:89:28:eb:bb:f9:54:fb:7b:c9:64:42:da

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 42KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

8e:ce:c1:3c:01:13:17:99:f4:3a:5c:1c:8a:4c:37:90:0d:3f:46:56:c8:6a:b9:dc:68:81:b8:b8:cd:1a:f5:91Signer

a8:8d:d6:3d:dc:e2:a6:2f:89:28:eb:bb:f9:54:fb:7b:c9:64:42:daSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 42KB - Virtual size: 96KB

Size: 1024B - Virtual size: 1KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.themida Size: - Virtual size: 4.7MB

.boot Size: 3.1MB - Virtual size: 3.1MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

8e:ce:c1:3c:01:13:17:99:f4:3a:5c:1c:8a:4c:37:90:0d:3f:46:56:c8:6a:b9:dc:68:81:b8:b8:cd:1a:f5:91
Signer

a8:8d:d6:3d:dc:e2:a6:2f:89:28:eb:bb:f9:54:fb:7b:c9:64:42:da
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: 3.1MB - Virtual size: 3.1MB