0f7368216232672c38ae7d5303ccb19e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f7368216232672c38ae7d5303ccb19e_JaffaCakes118
Size

3.5MB
MD5

0f7368216232672c38ae7d5303ccb19e
SHA1

fe791f41c994377407f6304485227ce82ef2e54f
SHA256

5591c10cfad93a9529aa2987d90c33ac14a225f4a5a1cabbd95e0c95792aacf7
SHA512

e4a924b2ba8ca9402027041ed7bb5e3fdb4f90fdc1ccd568aae20ee702a0ae61d37f426d608159f14be81aaab9960398613bd40995e78dc7a92c528ee181b85b
SSDEEP

98304:XIaaMX2ehKZBKXS48apI0qn0hIhEzQXiiiOTra2e:YatKzKXS4onLXijEaL

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7368216232672c38ae7d5303ccb19e_JaffaCakes118

Files

0f7368216232672c38ae7d5303ccb19e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 60KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 316B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ