38e60620c1cb304ce1df1da8e675db32_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38e60620c1cb304ce1df1da8e675db32_JaffaCakes118
Size

4.6MB
MD5

38e60620c1cb304ce1df1da8e675db32
SHA1

2592782865a291a7203811e7e8e508bce71e7517
SHA256

e90f2a8c8faad43708717bf41405e45193bd8b73fbd14854fc42113d153529a4
SHA512

fd17f90ae7db109f0a97bebb72550a7fd3cf9c6c879fd610f38e85a4920ce6b4ed7d476e18b6826847001e2c3f16f0d51533b60123a00ff7d8ab19e88fdd7179
SSDEEP

98304:ceXhkcXTJUVLI2O1jKUajfgpczUIVwuMvPO:ZRkWTJALIjYfgpuUIOnO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

38e60620c1cb304ce1df1da8e675db32_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:55

Not After

19/01/2027, 11:55

Subject

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:d3:e0:4d:47:f8:9d:b0:92:a2:5d:ff:4a:4c:cb:6b
Certificate

Issuer

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

01/07/2019, 09:32

Not After

30/06/2022, 09:32

Subject

SERIALNUMBER=0000356397,CN=Mirillis Sp. z o.o.,O=Mirillis Sp. z o.o.,POSTALCODE=65-410,STREET=Fabryczna 14B/1,L=Zielona Góra,ST=lubuskie,C=PL,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13086c756275736b6965,1.3.6.1.4.1.311.60.2.1.1=#0c0d5a69656c6f6e612047c3b37261,1.3.6.1.4.1.311.60.2.1.3=#1302504c

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

58:ff:d6:16:f1:cb:2f:28:49:1a:3e:25:d2:92:cb:c0:73:bd:a4:c5
Signer

Actual PE Digest

58:ff:d6:16:f1:cb:2f:28:49:1a:3e:25:d2:92:cb:c0:73:bd:a4:c5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 241KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 33KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3Certificate

Extended Key Usages

Key Usages

1a:d3:e0:4d:47:f8:9d:b0:92:a2:5d:ff:4a:4c:cb:6bCertificate

Extended Key Usages

Key Usages

58:ff:d6:16:f1:cb:2f:28:49:1a:3e:25:d2:92:cb:c0:73:bd:a4:c5Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 241KB - Virtual size: 248KB

Size: 33KB - Virtual size: 90KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 67KB - Virtual size: 67KB

.themida Size: - Virtual size: 6.8MB

.boot Size: 4.2MB - Virtual size: 4.2MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3
Certificate

1a:d3:e0:4d:47:f8:9d:b0:92:a2:5d:ff:4a:4c:cb:6b
Certificate

58:ff:d6:16:f1:cb:2f:28:49:1a:3e:25:d2:92:cb:c0:73:bd:a4:c5
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 67KB - Virtual size: 67KB

.themida
Size: - Virtual size: 6.8MB

.boot
Size: 4.2MB - Virtual size: 4.2MB