277018a50658bab47f6015c96061b2d1_JaffaCakes118 | Triage

Sharing

General

Target

277018a50658bab47f6015c96061b2d1_JaffaCakes118
Size

756KB
MD5

277018a50658bab47f6015c96061b2d1
SHA1

bfe7bfa99d9c3df215741b80f7851a66a06444b9
SHA256

b4e05457f9bc289d5a1346e59cbc53dc73d4f9baa55a8f61ab3b3ce4e2909d01
SHA512

4f228cb869fb869c4ab61f952153ddea40bfd68c983ea05a7248bbc227ef487bee16aa7846e81f2e344267dd7bca8067c85bf00199d88649891b910f9e07f2cb
SSDEEP

12288:itryCOfDjK9EmWHj1vRlHxINyaiBjXUrD+n3c0sUBuA5oTxEoWp8sJw/Q:i1yC4DtmuvIQamjkrnPeuYoTV1sJw/Q

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
277018a50658bab47f6015c96061b2d1_JaffaCakes118

Files

277018a50658bab47f6015c96061b2d1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 70KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 634KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE