4292bd13b9d88fd3c5dcb720f75d48fd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4292bd13b9d88fd3c5dcb720f75d48fd_JaffaCakes118
Size

7.7MB
MD5

4292bd13b9d88fd3c5dcb720f75d48fd
SHA1

6edaa4af79a232bc5865075e8f2c6513c2e30fce
SHA256

3e036861e07951590048a2b5e14910328d8db70e77c17c592707ce7babd552a0
SHA512

2ac4d7dfd922bbf885b74446b55d4c0e34aaebf9daa7fa9c50dcea88f2bf638372777d56237cbcbdaafea1e6d5b8594ec323489014196395669571068adf5eeb
SSDEEP

196608:R8YuYQ1KA43rS1tDpm58rnkEkQRMrV1gKwWZvv:+YvQ1j409nzFRMVdv

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4292bd13b9d88fd3c5dcb720f75d48fd_JaffaCakes118

Files

4292bd13b9d88fd3c5dcb720f75d48fd_JaffaCakes118
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 311KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ