0a2f152377262754d03320f88f954f46_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a2f152377262754d03320f88f954f46_JaffaCakes118
Size

2.9MB
MD5

0a2f152377262754d03320f88f954f46
SHA1

a916d0f0a2ec0c4816ee78f0aa9166d6c1ad3f7c
SHA256

33bb331a58b05d2c9e2e2d9f65eff640a50808c05a538c73e5c5d9627e5eb464
SHA512

7016fc7f6aee43379158b21cda8cf92db1dd0277534e14fc5cf3f167a4285db4092578ddd3b61e52bd3bca024a095a3831271842a005987bca8835a6f087cb7e
SSDEEP

49152:eYp9H27y4jof4PbQCB2peyhTQWtxN14+VvXMYRISaWlAkjLPre:1H2u4MEUCcpeGtxnrXtqSaWlfC

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a2f152377262754d03320f88f954f46_JaffaCakes118

Files

0a2f152377262754d03320f88f954f46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 846KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 10.6MB

.as_0000
Size: 110KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: - Virtual size: 12KB

.as_0001
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 811KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE