3026779ccf0a3e164b3541de4d45d014_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3026779ccf0a3e164b3541de4d45d014_JaffaCakes118
Size

1.5MB
MD5

3026779ccf0a3e164b3541de4d45d014
SHA1

76d9d438d75507c183aefbb1e17dbf212476b2f0
SHA256

37b180a64bd2eedb7cd349214d32ab2cc5f1a7e00da638db30b3bd2fca2cd16f
SHA512

4de6e1924dba54dc61ea324cacd828b5f3975e322faa1cbe5a96db9f51fc20f143541e44aacbca486b0b0786dd665e8acf77f0f5f52e1a99cfc21c28b4034e7b
SSDEEP

24576:+79JJetUdRo5DDQWgxrMZhmHe/dI5wCYJkLJovfzQMDPpAFpUy1Fl4Adsyk1s9Ir:+7l0KxwvmodGpjLJoa/UgsKsbs9IyQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3026779ccf0a3e164b3541de4d45d014_JaffaCakes118

Files

3026779ccf0a3e164b3541de4d45d014_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 16KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 636KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 620KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE