fbe091587b190086b44a28cc4564d741_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbe091587b190086b44a28cc4564d741_JaffaCakes118
Size

700KB
MD5

fbe091587b190086b44a28cc4564d741
SHA1

56e0502bd32961c550d58a28a94dc54b38f7ef65
SHA256

3d10c674096e04f28e0e3fd47a6a1110e5334709b2a60dfd625d80016256c66b
SHA512

012ad8ca0a394f3a792d132a552954f9accb89111a72ee261a5542279f0c67260fce3f69778a39a29f1af3ef6f76181b4a2055b6789dd8c701ccce0d92965e8b
SSDEEP

12288:pu0C6Dj3ghJzYjve/QH7D0LtXaU6J5N33h3l9UaB/AGz0igPKxQryUpmEqOVtS:puqSw4tL1bk33lVCGz7VxKmEqStS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbe091587b190086b44a28cc4564d741_JaffaCakes118

Files

fbe091587b190086b44a28cc4564d741_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetDiskID
GetMacID
MainDLL

Sections

Size: 96KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 576KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE