33798e39471e15cb6d36115ce9f65978_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33798e39471e15cb6d36115ce9f65978_JaffaCakes118
Size

1.5MB
MD5

33798e39471e15cb6d36115ce9f65978
SHA1

4eb2742e45a9c994cb442616666ccb26ae1225ad
SHA256

4964a1776f41000a8703e595aca960b378f20f9109846bc2bac4498f7ae9388d
SHA512

f6003439fc7ecd702f446907663ba0cc8d11eed2a70a8aba5d379147a0c05f2aeef1c718b5c6b37468217c9265f6b8bdf370ffcee9e3f8a0deee5d29dcc71c1c
SSDEEP

24576:VkB4rJTX35B6ygp36n/5he8t3SxXyLyyvGMzdHlb5lxzxJrtd+Ki7FiZF9u81v6B:frzl31tyGpzdlVFyiZ8QmAbC

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33798e39471e15cb6d36115ce9f65978_JaffaCakes118

Files

33798e39471e15cb6d36115ce9f65978_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 664KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WinLicen
Size: 880KB - Virtual size: 884KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE