74b00da0f2e4d0c8b6e2875d02fefcecJaffaCakes118_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

74b00da0f2e4d0c8b6e2875d02fefcecJaffaCakes118_NeikiAnalytics
Size

3.7MB
MD5

74b00da0f2e4d0c8b6e2875d02fefcec
SHA1

2b8e618271ad1899c2caa9d4ee5dbd4529198046
SHA256

ac23fc53a20f5a19e8183bfba89bcf040d64bec45628c8f50fd80d13d4641081
SHA512

7a1bca3e407c263f64665713a2a94b6e4035e21b0a91adb86e7f820de5351ea9e8d7c68757264907213b9456d2c35326d4ad19b938ee3ca29cfd642cddb2e943
SSDEEP

98304:7957ilusIkAkVtXWZXo9Xph6w2vbXgaoqyy:vwrIkAomq9ZWbXrFyy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

74b00da0f2e4d0c8b6e2875d02fefcecJaffaCakes118_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Code Sign

20:23:87:89:dc:21:62:45:b3:9a:5f:ca:0c:66:ce:c5
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/10/2018, 15:19

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Corporation

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:c3:4f:1b:1b:f2:81:c8:f1:54:8f:9f:2e:57:a7:b2:1f:57:24:5b
Signer

Actual PE Digest

18:c3:4f:1b:1b:f2:81:c8:f1:54:8f:9f:2e:57:a7:b2:1f:57:24:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 76KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 364KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

20:23:87:89:dc:21:62:45:b3:9a:5f:ca:0c:66:ce:c5Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

18:c3:4f:1b:1b:f2:81:c8:f1:54:8f:9f:2e:57:a7:b2:1f:57:24:5bSigner

Headers

File Characteristics

Sections

Size: 76KB - Virtual size: 236KB

Size: - Virtual size: 391KB

.imports Size: 4KB - Virtual size: 4KB

.themida Size: - Virtual size: 4.9MB

.boot Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 364KB - Virtual size: 361KB

20:23:87:89:dc:21:62:45:b3:9a:5f:ca:0c:66:ce:c5
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

18:c3:4f:1b:1b:f2:81:c8:f1:54:8f:9f:2e:57:a7:b2:1f:57:24:5b
Signer

.imports
Size: 4KB - Virtual size: 4KB

.themida
Size: - Virtual size: 4.9MB

.boot
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 364KB - Virtual size: 361KB