f4149cd80c96f0ac1f73da8dc67fa554_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f4149cd80c96f0ac1f73da8dc67fa554_JaffaCakes118
Size

356KB
MD5

f4149cd80c96f0ac1f73da8dc67fa554
SHA1

10a339d1210ad42f721521dcb57bfc6017584d00
SHA256

53c9c4e4a603494d4e15ba1151856e31b9ff498303193068b8bb78bb2cef826a
SHA512

a2d1cb99aed9ac6fec864282c72f4877b67b295746a160c4e5315c67079550b151b17ddc34a758ffaf2bb76fafe08f74b2ec425c24c3f0fd62f2b395d0df4d80
SSDEEP

6144:QWeXaT4RvQqzdTUH2VWuUFe4kdBDvwfEv10w5/6IkM3lY:Q5qkRvvzdFFUTkdWEtjkM1Y

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4149cd80c96f0ac1f73da8dc67fa554_JaffaCakes118

Files

f4149cd80c96f0ac1f73da8dc67fa554_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 296KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rising
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 512B - Virtual size: 319B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

100
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.COM
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 296KB - Virtual size: 648KB

DATA Size: 5KB - Virtual size: 12KB

BSS Size: - Virtual size: 8KB

.idata Size: 1KB - Virtual size: 16KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 44KB

.rsrc Size: 32KB - Virtual size: 36KB

.rising Size: 512B - Virtual size: 4KB

.aspack Size: 2KB - Virtual size: 4KB

.themida Size: 512B - Virtual size: 12KB

.pelock Size: 2KB - Virtual size: 4KB

.MaskPE Size: 512B - Virtual size: 12KB

.MaskPE Size: 4KB - Virtual size: 12KB

.aspack Size: 3KB - Virtual size: 4KB

.adata Size: - Virtual size: 4KB

.MaskPE Size: 512B - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 4KB

.adata Size: - Virtual size: 4KB

.MaskPE Size: 512B - Virtual size: 319B

100 Size: 512B - Virtual size: 512B

.COM Size: 512B - Virtual size: 512B

CODE
Size: 296KB - Virtual size: 648KB

DATA
Size: 5KB - Virtual size: 12KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 1KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 44KB

.rsrc
Size: 32KB - Virtual size: 36KB

.rising
Size: 512B - Virtual size: 4KB

.aspack
Size: 2KB - Virtual size: 4KB

.themida
Size: 512B - Virtual size: 12KB

.pelock
Size: 2KB - Virtual size: 4KB

.MaskPE
Size: 512B - Virtual size: 12KB

.MaskPE
Size: 4KB - Virtual size: 12KB

.aspack
Size: 3KB - Virtual size: 4KB

.adata
Size: - Virtual size: 4KB

.MaskPE
Size: 512B - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 4KB

.adata
Size: - Virtual size: 4KB

.MaskPE
Size: 512B - Virtual size: 319B

100
Size: 512B - Virtual size: 512B

.COM
Size: 512B - Virtual size: 512B