2ccae515a241d66b9df4203349a26251_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ccae515a241d66b9df4203349a26251_JaffaCakes118
Size

1.8MB
MD5

2ccae515a241d66b9df4203349a26251
SHA1

a1c53025ba48062837b1ffcb00b359f53ead94e8
SHA256

a2828f048bcd6349b1750107b95e447c0c7a3c2c5e963e0074064f7b53d31805
SHA512

2434b026c961dd99092760b60fc5fb5c3bd9830e40fb7c14022b8aa84bd2559787c4b12a9c7f4b6166f60a92bdf864ab9ca4b892083167dc00ec5bad5f394d42
SSDEEP

24576:eeFh8NFC1pGsHN91hllIk4ncniQ659z7Sf0/kp4fMn2Y9TgX/RNWZskmOBoW/:7xesHNdAnOY59zG6+a7I

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ccae515a241d66b9df4203349a26251_JaffaCakes118

Files

2ccae515a241d66b9df4203349a26251_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 445KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 728KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE