f4e6123b834615cc3d94b58d393f3097_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f4e6123b834615cc3d94b58d393f3097_JaffaCakes118
Size

10.0MB
MD5

f4e6123b834615cc3d94b58d393f3097
SHA1

26abd8f8c180dcec99a60c2475c4fe7bb69555b5
SHA256

9d2f5d46b02f236f8588bb1e0695059744fb3ff5eace01755cd883fafae33b77
SHA512

cefae5262428c16464e23e0994d95f382c559f64614b20346c3ae1f846ef03598cac564b457749f7a0c03d490a7c40b05b41715609d64f6faf08829166e9572b
SSDEEP

196608:188rXcaGUbxE0H2o8rbowQ8pvwMCquMklnxIt2JWHthvf2bF7CZJbs6Gw1TBB:18q9GbPboQvRCrM2FJWHnvf2bxC/x71n

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f4e6123b834615cc3d94b58d393f3097_JaffaCakes118

Files

f4e6123b834615cc3d94b58d393f3097_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 73KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 17B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 17B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 17B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 73KB - Virtual size: 120KB

Size: 15B - Virtual size: 12B

Size: 87KB - Virtual size: 87KB

Size: 17B - Virtual size: 8KB

Size: - Virtual size: 5.1MB

Size: 3.0MB - Virtual size: 3.0MB

Size: 17B - Virtual size: 8KB

Size: - Virtual size: 3.7MB

Size: 2.2MB - Virtual size: 2.2MB

Size: 17B - Virtual size: 8KB

Size: - Virtual size: 3.7MB

Size: 2.2MB - Virtual size: 2.2MB

.imports Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 3.9MB

.boot Size: 2.4MB - Virtual size: 2.4MB

.imports
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.4MB - Virtual size: 2.4MB