41738c52a0928b6a2daf72d447de5460_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41738c52a0928b6a2daf72d447de5460_JaffaCakes118
Size

1.1MB
MD5

41738c52a0928b6a2daf72d447de5460
SHA1

450aadf2e6da83186fa6df3c26d0913dbd18715b
SHA256

c2e61770afafa24a3b9fbe60652d80ee314fd4d9cfb7683b297f040b24b66572
SHA512

0f95340c98cc71dbdb7cd728c5b2ec99325a595ecc9019420e0605dd38437f49ab5d010cbb2a05ba6784f03dc6cf4a5ce9da3bd5d21a7cc0f9dc42bd0e3314bb
SSDEEP

24576:k8DyalSl6W9TphaVQUoLOkiM2wr3o4rOshaeHJvThgJ:k8Dyzl6W3NUE3RrOs8e3g

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41738c52a0928b6a2daf72d447de5460_JaffaCakes118

Files

41738c52a0928b6a2daf72d447de5460_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be909f1ff8baeefd1fdf63cad6e5bce5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1168

msvcrt

__set_app_type

kernel32

LoadLibraryA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

EnableWindow
MessageBoxA

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida0
Size: 12KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida1
Size: - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Themida2
Size: 572KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ