35518ddb6d8f9c1c3b07dbea4ac1b7ae_JaffaCakes118 | Triage

Sharing

General

Target

35518ddb6d8f9c1c3b07dbea4ac1b7ae_JaffaCakes118
Size

349KB
MD5

35518ddb6d8f9c1c3b07dbea4ac1b7ae
SHA1

f1721e0c6ddd45efcbd040d441ea387ca44772b4
SHA256

db94645b4cf673883f965c745b900084266dfd03e1a59e71d449e540cf450a32
SHA512

f3abfe0e1bd0fecc106ebbb0e1c4f7a894c6ab3b79b608c24c2f606a36f1487b3faf186ea872abd39a36a03f8e1f87d943ebd40e39a0e6b239a914c49fec584b
SSDEEP

6144:GEusy1h7qKJUZ4N1qq1vpVZehWhuh5CcQu98dPcTKRwPoYLjKyYSdWwm4Mk:c1h7HC41fN8h+08uPDjGxwm4

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35518ddb6d8f9c1c3b07dbea4ac1b7ae_JaffaCakes118

Files

35518ddb6d8f9c1c3b07dbea4ac1b7ae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddMonitoredWnd
ClearKeyHook
ClearMsgHook
ClearWndCallHook
RemoveMonitoredWnd
SetKeyHook
SetMsgHook
SetWndCallHook

Sections

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 341KB - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE