39cea60067481ca103c1f13f1bcc6a61_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39cea60067481ca103c1f13f1bcc6a61_JaffaCakes118
Size

1.1MB
MD5

39cea60067481ca103c1f13f1bcc6a61
SHA1

aec79b2adc7cacc43d33c0559e8c284f19ca117f
SHA256

7088bed0f3b9ca16db50fdc8a3a1f8f384c0f0d8414c67759f701cc970165e4f
SHA512

15e2a0e85798dc1217a7670f6311a21d0a094e2f12e440e6c3b59491a4c42729288d29fd1230f924ba6d5507090c1b424e88d6e9f11142f7b61cac8969a115d6
SSDEEP

24576:Z+tDFgvwo4ncUPTj6OIczBh4f5M2wr3o4rOshaeHJvThgJ:Z+tavwlcU7j/t1h4xE3RrOs8e3g

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39cea60067481ca103c1f13f1bcc6a61_JaffaCakes118

Files

39cea60067481ca103c1f13f1bcc6a61_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be909f1ff8baeefd1fdf63cad6e5bce5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1168

msvcrt

__set_app_type

kernel32

LoadLibraryA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

EnableWindow
MessageBoxA

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida0
Size: 12KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida1
Size: - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Themida2
Size: 572KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ