1a44e55af48d4f98d9cc6d1e12a7f465_JaffaCakes118

General

Target

1a44e55af48d4f98d9cc6d1e12a7f465_JaffaCakes118
Size

364KB
MD5

1a44e55af48d4f98d9cc6d1e12a7f465
SHA1

ec9d5077d9e6fa1d2247b429b187ae760055ed27
SHA256

b61e39f64a5c108144ac4fb77259b507638c960dcb3660990e8fc1b055c0a854
SHA512

5b2eaf363f881b1e8a960a5c705a4fd8c643454d088ffa15d408b267b2ca08ea92d2dae249b6c86e56508246058d35ee518223f427ec57eb9a293c04732cb1c3
SSDEEP

6144:KXrmxntKaUzMMhhprEgV4raAqswX3dTu0h//uJv5uD661WDQ+gU4IpxOHn:5K5zMMDprtiraAqtXtTuCnuJv5uWPhgJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a44e55af48d4f98d9cc6d1e12a7f465_JaffaCakes118

Files

1a44e55af48d4f98d9cc6d1e12a7f465_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ee54f26d5961d44e1892e33e9aaa0f8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

FindWindowA
MessageBoxA

psapi

GetModuleInformation

Sections

.text
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida1
Size: 4KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida0
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida2
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida3
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee54f26d5961d44e1892e33e9aaa0f8f

Headers

File Characteristics

Imports

kernel32

user32

psapi

Sections

.text Size: - Virtual size: 34KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 531KB

Themida1 Size: 4KB - Virtual size: 132KB

Themida0 Size: - Virtual size: 6KB

Themida2 Size: - Virtual size: 39KB

Themida3 Size: 216KB - Virtual size: 215KB

.reloc Size: 4KB - Virtual size: 144B

.rsrc Size: 136KB - Virtual size: 132KB

.text
Size: - Virtual size: 34KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 531KB

Themida1
Size: 4KB - Virtual size: 132KB

Themida0
Size: - Virtual size: 6KB

Themida2
Size: - Virtual size: 39KB

Themida3
Size: 216KB - Virtual size: 215KB

.reloc
Size: 4KB - Virtual size: 144B

.rsrc
Size: 136KB - Virtual size: 132KB