2b8bc560ecbf1ef1b76fd4aa34759bd2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b8bc560ecbf1ef1b76fd4aa34759bd2_JaffaCakes118
Size

2.4MB
MD5

2b8bc560ecbf1ef1b76fd4aa34759bd2
SHA1

d885c0a5661513b9ced12d9f13c31ada50dce69c
SHA256

a62639534b659b34550a1e8fa3ca8c8576af9e60fb3f890b5520a534a146a94d
SHA512

cc1450418d244f4f95e6dd443f19d48846e930b9da9a246be482fa16e9242d7588f300a3e04d3456b82d7e2fc80cb62635a8a06ed88b9826ea5aecf5b55a4d8b
SSDEEP

49152:l5ucDKIPZznRcUa5AiXR2rIupwS3ndtcXkRNlwh5025Fg4Yeg:lscD/PZzRPiBtIXEURrheg

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b8bc560ecbf1ef1b76fd4aa34759bd2_JaffaCakes118

Files

2b8bc560ecbf1ef1b76fd4aa34759bd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE