0f656fb2acf6b13e4d874741ed6e262a_JaffaCakes118 | Triage

Sharing

General

Target

0f656fb2acf6b13e4d874741ed6e262a_JaffaCakes118
Size

684KB
MD5

0f656fb2acf6b13e4d874741ed6e262a
SHA1

e2849d5d2afb83a0cf80a7ed6302a4d02316a3bc
SHA256

47e2fd40ca9ad782278fa807fb66d93fcfa661fdd979634f5b1d627b32ebf679
SHA512

497fa93af73be3a3dd3b8d4803aa859b705ae44e1c4db97ea8e4947ba493f4a7867d18021f17b98564bbd761ed4a030532429555b09d3660aa37dbd90cde6703
SSDEEP

12288:b+G3AtarRvy/I8jaXv/yUelxASl+DRiOohxSH9t2hT8J2W9pyNtBJC02Ie:b+Grdvyna/WlxASMDUl8HjA8f0NtLK

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f656fb2acf6b13e4d874741ed6e262a_JaffaCakes118

Files

0f656fb2acf6b13e4d874741ed6e262a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TheMida
Size: 557KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE