3c0466e078328d36f9320f774e77f0a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c0466e078328d36f9320f774e77f0a9_JaffaCakes118
Size

1.1MB
MD5

3c0466e078328d36f9320f774e77f0a9
SHA1

bb1af52c57d9f541270f6c786ef95812a2119635
SHA256

82947b52dbe51cd218569c888d2c099b55a3c114e03981ecb87f4a41da6482c0
SHA512

25665dfe2f591cb1782295c9650ad324e6cf0d5391b8d5470d9548548cfbcdd4800aacc94ab99d8bc3d3cb203ec813473abfc46df1b830c898a5ccf8d4e9a966
SSDEEP

24576:+vtcjP1b4RubbkGsal7aM2qTzWQA5eMQZMOHkEW3jLDtxJvThgJ:+vqPB4Rubog78q/WXeiwWzHrg

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c0466e078328d36f9320f774e77f0a9_JaffaCakes118

Files

3c0466e078328d36f9320f774e77f0a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9516745ecbdaf8150859a2236e47b007

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord860

msvcrt

__set_app_type

kernel32

LoadLibraryA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

EnableWindow
MessageBoxA

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida0
Size: 12KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida1
Size: - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Themida2
Size: 580KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 504KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ