21cda70d30694583d852fcaba7dfc65a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21cda70d30694583d852fcaba7dfc65a_JaffaCakes118
Size

3.5MB
MD5

21cda70d30694583d852fcaba7dfc65a
SHA1

a0b22007c46c0de8e6db5796969b6e21fcab9b56
SHA256

abc4f270b7bd25220ca707715091a6e6ba72674a7ea4e1c1c756c1ea063bdeeb
SHA512

7f0bf75d745842ccccd83d98c6ca14948e1a2bfedeac4a7a3090e910a88f1a49e4b289204b2a6f106af0ef3ed895815a784da7c36f2f93025595d80f329ab86f
SSDEEP

49152:+r54Oryq9UkdOkef50bVRflEFt/iEKilbfJcax4ULjmD2eUwuuLRizYNK42+IYKn:+iHmH/e5e9EFRAiloUc2CvizW3iYKn

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21cda70d30694583d852fcaba7dfc65a_JaffaCakes118

Files

21cda70d30694583d852fcaba7dfc65a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo2
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ