5093af5c2986abb538392dc028150025_JaffaCakes118

General

Target

5093af5c2986abb538392dc028150025_JaffaCakes118
Size

83KB
MD5

5093af5c2986abb538392dc028150025
SHA1

334c9e4ab02dd39902dfa615762d87cfda6d63c6
SHA256

c4ac1ec9f5a90b14b74d8243ada0a2924cbf88b674660431064f0ce2a79330b6
SHA512

83f1faceeabda97c42d6d989c2d41a60f0ab49c9870005ba01dd445cc39c58a0acbf8da6aef3c9e89ebf8008580db63f7cee39aafe1a9ad614bb078a590d0bd5
SSDEEP

1536:Io3l7hjU12DZK5raca1mQVKcy7hzot1htvksd3W5Rlxb/UrhUbJ0TXbrSK:h3njBK5rnwmQe6t7tcsRERrboUEXv

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/themidaspy.exe
unpack001/themidaspynobreak.exe

Files

5093af5c2986abb538392dc028150025_JaffaCakes118
.zip
readme.txt
themidaspy.exe
.exe windows:4 windows x86 arch:x86

5616dcb306df7689c7476d538177ac36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteProcessMemory
LoadResource
UnmapViewOfFile
WaitForSingleObject
ResumeThread
TerminateProcess
WriteFile
SetThreadContext
ReadProcessMemory
LockResource
VirtualAllocEx
FindResourceA
CreateProcessW
ExitProcess
CreateFileMappingA
SizeofResource
CloseHandle
GetProcAddress
GetCommandLineW
CreateRemoteThread
MapViewOfFile
GetThreadContext
ExitThread
GetModuleHandleA
LoadLibraryA

comdlg32

GetOpenFileNameW

shell32

CommandLineToArgvW

Sections

.rdata
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
themidaspynobreak.exe
.exe windows:4 windows x86 arch:x86

5616dcb306df7689c7476d538177ac36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteProcessMemory
LoadResource
UnmapViewOfFile
WaitForSingleObject
ResumeThread
TerminateProcess
WriteFile
SetThreadContext
ReadProcessMemory
LockResource
VirtualAllocEx
FindResourceA
CreateProcessW
ExitProcess
CreateFileMappingA
SizeofResource
CloseHandle
GetProcAddress
GetCommandLineW
CreateRemoteThread
MapViewOfFile
GetThreadContext
ExitThread
GetModuleHandleA
LoadLibraryA

comdlg32

GetOpenFileNameW

shell32

CommandLineToArgvW

Sections

.rdata
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5616dcb306df7689c7476d538177ac36

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

shell32

Sections

.rdata Size: 1024B - Virtual size: 916B

.text Size: 3KB - Virtual size: 3KB

.rsrc Size: 122KB - Virtual size: 121KB

.reloc Size: 8KB - Virtual size: 8KB

5616dcb306df7689c7476d538177ac36

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

shell32

Sections

.rdata Size: 1024B - Virtual size: 916B

.text Size: 3KB - Virtual size: 3KB

.rsrc Size: 122KB - Virtual size: 121KB

.reloc Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 916B

.text
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 916B

.text
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 8KB - Virtual size: 8KB