3064a92a1debdc5f925cda34058a6425_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3064a92a1debdc5f925cda34058a6425_JaffaCakes118
Size

1.2MB
MD5

3064a92a1debdc5f925cda34058a6425
SHA1

5d7dc88b6c15e52934967f340cc3c556d5b23351
SHA256

d5ffa86b63adf4e30e53fe31af91ee6e24afdac2b2baa37e4c58c19c2f1f53fb
SHA512

3c41e61dca0184c926f4defca401935f85ff4aaa7fd81c8d9296dcf6b7aaeabc3a2439efb9e4e5ec9e7f65af876503bb452d9613e93609f33a28130154ad8838
SSDEEP

24576:En6JcTcEu4c6QjqnW/AUscKNGgGPeFtUmkFgI6wM0EfxtORQ8lTL:rOTcEg6Q+WTscLnQUmkqI6wMt/kQ0H

Score

7^/10

aspackv2 themida

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3064a92a1debdc5f925cda34058a6425_JaffaCakes118

Files

3064a92a1debdc5f925cda34058a6425_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 17KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE