21fbfa862c6d8ca2028ae4b4a16c7bff_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21fbfa862c6d8ca2028ae4b4a16c7bff_JaffaCakes118
Size

3.7MB
MD5

21fbfa862c6d8ca2028ae4b4a16c7bff
SHA1

a00f2a116f0e081bae948aa6313988809355d61a
SHA256

49190f059247eea3dc13fe1fa14f4f05bef9000646c04bd79c47c3e01635534d
SHA512

c224cd8542fb20949c449db27f2cd87e7a3b067afcd24296d6591b66c266996136a21fb3a698ce7dc07cfdf25b3b01d14ebb4540a41287ec53d74ca9853512f8
SSDEEP

49152:a4LdOMIwNB3qsRnhfp4krA0Bf5+diFAsnFqWpHhup:a4BqsXftbs+Dbpkp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21fbfa862c6d8ca2028ae4b4a16c7bff_JaffaCakes118

Files

21fbfa862c6d8ca2028ae4b4a16c7bff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE