33e96a039096d64b34fbbe4caf9ba38b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33e96a039096d64b34fbbe4caf9ba38b_JaffaCakes118
Size

3.4MB
MD5

33e96a039096d64b34fbbe4caf9ba38b
SHA1

61cd1f9fec8ff21963895b8a08b94dcee3407e57
SHA256

e6d4e133841cf16c39d3793a9a2c8b05461135710b5af5d70a8d3aed7ec0a382
SHA512

c4cba7b7314104d2b13c605e3937e63aabb3b2f2e960426d7f5b0ed612d98fcf940a2f43cde90eb7c121d2f6fd14301b7b12b129e85f0ea31a93f0659d707e65
SSDEEP

98304:B2Q3ys1xaXcZdQKjVYAlMu5wM/PXomM+lQjVovG:gYyyRQDa5hQmpQG

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33e96a039096d64b34fbbe4caf9ba38b_JaffaCakes118

Files

33e96a039096d64b34fbbe4caf9ba38b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 366KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 699KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 578KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE