3ab4089c864760a4e4e85e389aa9052a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ab4089c864760a4e4e85e389aa9052a_JaffaCakes118
Size

7.6MB
MD5

3ab4089c864760a4e4e85e389aa9052a
SHA1

35efe1c4477ce3d20d7cc0a2ccaa68e1dad95848
SHA256

f6edcf3be164c900227c87bfdf6a46c5c63afec4303ce580af97c466df5aa696
SHA512

07809de4caeacdf50e8952f39ff4c09147e43b65e3bb790885fb9228200c4650ee00df56b14e8443c4614c69b37749bee68e3669daf31e51aea307fa72016351
SSDEEP

98304:Aa4viI7CnTpZ6Y8JJf1GAnF153UlWBLaucCtWSxaXBPM:34XeTpZ6HT4WMucCgaaXF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ab4089c864760a4e4e85e389aa9052a_JaffaCakes118

Files

3ab4089c864760a4e4e85e389aa9052a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 685KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gRn
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE