3d6128f6fc0fb236a141abdbbbb802c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d6128f6fc0fb236a141abdbbbb802c9_JaffaCakes118
Size

1.0MB
MD5

3d6128f6fc0fb236a141abdbbbb802c9
SHA1

42ef9bc3927f7db3cedfdda04917b837f8b11216
SHA256

2608b22b70d1c7d5b4f6a28f767abe199889469140e0f8cfda5a48fc73ba6894
SHA512

b0ef48c95815f5091271bd8005bca1b124069040a40111cf1ac0e5fbc79c9da90206a562b4ddd55e7cecc67b31043d4188157064e67a4259dde4c73319d0b592
SSDEEP

24576:e4Wj5j1pbRnuYT5bbGkBo6hm/f5JiIisv6fHpHeDHeyT:Qj5NnuMlBo6ufvqH+L

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d6128f6fc0fb236a141abdbbbb802c9_JaffaCakes118

Files

3d6128f6fc0fb236a141abdbbbb802c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA

user32

MessageBoxA

Sections

Size: 10KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 997KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE