e9d5206109ad1c3a34b863fa42ee6e40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e9d5206109ad1c3a34b863fa42ee6e40_JaffaCakes118
Size

3.5MB
MD5

e9d5206109ad1c3a34b863fa42ee6e40
SHA1

6543398463a12685648d4a5876965bee3af17b5c
SHA256

c3e1f7bd5dfa81bb5c55a12d804184f0ae5607bbe5a191ba4984c5cd36d89da2
SHA512

c4df9ec3d8b7b4b9fc3e8b29a0c49911b84faa5a805329e583d70099e1335a4337781d7278376d8db8f52eb31ec07b2e2db6bc9fc278075eb0c8c4bd239a0998
SSDEEP

49152:LXenjmTRNtf1ihnlxlF2H6dfqS3q6o7h0D9kPV969oHZGrGeXa2cyM1bKzNqAfn3:LXs8tf0xlzJxo7hi9cbZPk4bKnP3

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

e9d5206109ad1c3a34b863fa42ee6e40_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

1f:75:e3:5b:8a:be:6a:a7:4f:b0:67:6d:39:13:17:f6
Certificate

Issuer

CN=Bosch HBF 114EW0R

Not Before

28/07/2021, 11:11

Not After

29/07/2031, 11:11

Subject

CN=Bosch HBF 114EW0R

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:69:e0:f0:a1:24:11:ec:e3:b7:79:e8:43:ab:13:89:3d:db:9d:f2:39:0d:86:82:03:6f:e6:9c:06:84:77:47
Signer

Actual PE Digest

ea:69:e0:f0:a1:24:11:ec:e3:b7:79:e8:43:ab:13:89:3d:db:9d:f2:39:0d:86:82:03:6f:e6:9c:06:84:77:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 76KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

▪️GO
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

▪️GO
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

1f:75:e3:5b:8a:be:6a:a7:4f:b0:67:6d:39:13:17:f6Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ea:69:e0:f0:a1:24:11:ec:e3:b7:79:e8:43:ab:13:89:3d:db:9d:f2:39:0d:86:82:03:6f:e6:9c:06:84:77:47Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 76KB - Virtual size: 184KB

Size: 1.1MB - Virtual size: 1.2MB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

▪️GO Size: 102KB - Virtual size: 102KB

.themida Size: - Virtual size: 4.9MB

.boot Size: 2.1MB - Virtual size: 2.1MB

▪️GO Size: 2KB - Virtual size: 2KB

.rsrc Size: 102KB - Virtual size: 101KB

1f:75:e3:5b:8a:be:6a:a7:4f:b0:67:6d:39:13:17:f6
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ea:69:e0:f0:a1:24:11:ec:e3:b7:79:e8:43:ab:13:89:3d:db:9d:f2:39:0d:86:82:03:6f:e6:9c:06:84:77:47
Signer

.idata
Size: 512B - Virtual size: 8KB

▪️GO
Size: 102KB - Virtual size: 102KB

.themida
Size: - Virtual size: 4.9MB

.boot
Size: 2.1MB - Virtual size: 2.1MB

▪️GO
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 102KB - Virtual size: 101KB