f5788894c7e54b768abbf1682319f6b3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5788894c7e54b768abbf1682319f6b3_JaffaCakes118
Size

11.1MB
MD5

f5788894c7e54b768abbf1682319f6b3
SHA1

0ce6bb3703226c8663b513d895137ed5c366a7f3
SHA256

6dc85a378c15e82d1cfddd7ff5655335109dee5262193aab8f95dd43eff5b170
SHA512

3544f705d7bdb5e586060b67fba4a4a548834f293e270c9e4697e9ec7a33606497d5653b30a4374e70ba2498fb63a0b56792da60142464f51353b2b4a297c529
SSDEEP

196608:bKabuBYJsI8M/oZdkWW6RYMdtIX1qQoetqBI+UJq1FUe4adyPcnIP2LCJT41WLz9:bKaIYJF84CR1R9TC8N8qBZewFZ0PDe1e

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5788894c7e54b768abbf1682319f6b3_JaffaCakes118

Files

f5788894c7e54b768abbf1682319f6b3_JaffaCakes118
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 7.1MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ