07088c0a693f1b71f73196452a8e6304_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07088c0a693f1b71f73196452a8e6304_JaffaCakes118
Size

1.3MB
MD5

07088c0a693f1b71f73196452a8e6304
SHA1

43b8f51d6c8391e7c63228625f1add3134bb9d12
SHA256

6d44b4ce9f73d344d3036bc8012504a8e38e3494383edfebd9c15e6d325ee4ed
SHA512

ede08b9a45198cd17842a5dc3f2553186fb95cc65c26b965aa5ecbb6ed7e944ce9f378f489c3626150e52d47c6abb7b7ebc7f3e4e509fd5391df31408e82abd5
SSDEEP

24576:5BAR7nGCOajuQgrjVR+UEs9nhljssuEoPEECpSi2vlDSx:oRyCJYfVR+9s9nhpssu7EvS/lDi

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07088c0a693f1b71f73196452a8e6304_JaffaCakes118

Files

07088c0a693f1b71f73196452a8e6304_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE