ea8cf7a5feef57c143b447cfae6cb20b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea8cf7a5feef57c143b447cfae6cb20b_JaffaCakes118
Size

2.3MB
MD5

ea8cf7a5feef57c143b447cfae6cb20b
SHA1

5084470d6ee2e24e02fdedf9960d9990f53b9935
SHA256

b85e36d32f3d22f66326eb1922ac0a6d0ed9a0fd925559c16587e642d3c36d13
SHA512

3fc0c27a9ca0ca6c04d835b601501f310381be246c774b9df6d06bf862187979027601f80420cb49c77142d88d87e69dd03962618d3bc07ee3e973aff8f72018
SSDEEP

49152:NV/hhasqvPJmZEyvqx1ksi6MLWE6mzgrVLRaDiBjVofNcDGYg2Jr:NVKyWMobr9XefNjSJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

ea8cf7a5feef57c143b447cfae6cb20b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:c0:38:e4:78:18:6b:67:2a:3a:7b:21:ba:85:dc:62
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/05/2018, 00:00

Not After

14/07/2021, 12:00

Subject

CN=Hugh Bailey,O=Hugh Bailey,L=Temecula,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:a5:5d:cd:ce:52:12:2e:c2:ce:b6:5f:d7:48:fc:ad:f3:c6:1f:d8:32:f7:7d:86:0f:cf:ca:cb:89:12:e0:9d:97:10:7d:c5:75:98:fc:ed:05:f4:16:e0:6e:04:24:0c:32:8d:bb:ed:76:55:88:44:0b:03:7a:5e:58:e0:79:0f
Signer

Actual PE Digest

84:a5:5d:cd:ce:52:12:2e:c2:ce:b6:5f:d7:48:fc:ad:f3:c6:1f:d8:32:f7:7d:86:0f:cf:ca:cb:89:12:e0:9d:97:10:7d:c5:75:98:fc:ed:05:f4:16:e0:6e:04:24:0c:32:8d:bb:ed:76:55:88:44:0b:03:7a:5e:58:e0:79:0f

Digest Algorithm

sha512

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 35KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 136KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0d:c0:38:e4:78:18:6b:67:2a:3a:7b:21:ba:85:dc:62Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

84:a5:5d:cd:ce:52:12:2e:c2:ce:b6:5f:d7:48:fc:ad:f3:c6:1f:d8:32:f7:7d:86:0f:cf:ca:cb:89:12:e0:9d:97:10:7d:c5:75:98:fc:ed:05:f4:16:e0:6e:04:24:0c:32:8d:bb:ed:76:55:88:44:0b:03:7a:5e:58:e0:79:0fSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 35KB - Virtual size: 96KB

Size: 136KB - Virtual size: 275KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 276KB - Virtual size: 275KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 1.8MB - Virtual size: 1.8MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0d:c0:38:e4:78:18:6b:67:2a:3a:7b:21:ba:85:dc:62
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

84:a5:5d:cd:ce:52:12:2e:c2:ce:b6:5f:d7:48:fc:ad:f3:c6:1f:d8:32:f7:7d:86:0f:cf:ca:cb:89:12:e0:9d:97:10:7d:c5:75:98:fc:ed:05:f4:16:e0:6e:04:24:0c:32:8d:bb:ed:76:55:88:44:0b:03:7a:5e:58:e0:79:0f
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 276KB - Virtual size: 275KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 1.8MB - Virtual size: 1.8MB