f7ed6f2eb7568fa97e9c00f299bed7da_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7ed6f2eb7568fa97e9c00f299bed7da_JaffaCakes118
Size

3.1MB
MD5

f7ed6f2eb7568fa97e9c00f299bed7da
SHA1

ecf28a4f1830b2bcd8601bbef47d0247e81b7ff8
SHA256

508a48498f512a73bdc081c06058c32ab0627df20b5180d24622d968f4933206
SHA512

96708eeada089b4f9a6af7b2f02d613160f8d80f7980a72eeffd6e61c213cd73008ac48677e4ef7e6b1fdc64a71c41336c6324d3bf93cb54c1b9454f900eef7e
SSDEEP

49152:REwqdi0eDEHnmgvUbEImaZzJIZBOWDczxe61F09Oodi50n01u22iR:REH8bEJacZBCzxe61u8Ii56IX2iR

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7ed6f2eb7568fa97e9c00f299bed7da_JaffaCakes118

Files

f7ed6f2eb7568fa97e9c00f299bed7da_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 104KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ