008ab4eab15805fb3632652b56507123_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

008ab4eab15805fb3632652b56507123_JaffaCakes118
Size

684KB
MD5

008ab4eab15805fb3632652b56507123
SHA1

fff4caddf249899c4b5183676408014d6406fdd5
SHA256

31ffc16c1437f427f1ddbbef55b64e207034c74e2d675258eb20a9cea47a6c19
SHA512

c8dbcb4b2160f1944fa142bf20ebfa4ca5753497bb3df6e7e57ac4b968e463feaf7edadc37ca47d8af6e94c60b865ae01abc06d1ee72dd0d805621927345b2ff
SSDEEP

12288:7+G3AtarRvy/I8jaXv/yUelxASl+DRiOohxSH9t2hT8J2W9pyNtBJC02Ie:7+Grdvyna/WlxASMDUl8HjA8f0NtLK

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
008ab4eab15805fb3632652b56507123_JaffaCakes118

Files

008ab4eab15805fb3632652b56507123_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 557KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE