46e2099eabfdb16e798874db33f56f07_JaffaCakes118 | Triage

Sharing

General

Target

46e2099eabfdb16e798874db33f56f07_JaffaCakes118
Size

637KB
MD5

46e2099eabfdb16e798874db33f56f07
SHA1

9d43e82d1ab7b0f26d99805c87433285889e4503
SHA256

630b6d1c162019378e3887a05cd30ede04a7578ba6ce58b4c9cfff9c7cabc667
SHA512

3eef233c6af1e835d8f1fb5447c37ebbd07b8aa4c21340a7ecb446c75948ad13a68b80bdde238eb11b8747949c38600988d399f8921d0eea14aad980ca863164
SSDEEP

12288:x/dhmpvsH4t1AS34QlFK9h70Pe3rol3dQav8cwO8MZwScC2nAsZ1ZY73+Pv:dPGvsYt1ASIQHSh70PEYL8ch8HC2nAs9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46e2099eabfdb16e798874db33f56f07_JaffaCakes118

Files

46e2099eabfdb16e798874db33f56f07_JaffaCakes118
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LOAD
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 612KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE