51b9711c5637cdf4a5b44f6dd9bb3eda_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

51b9711c5637cdf4a5b44f6dd9bb3eda_JaffaCakes118
Size

3.8MB
MD5

51b9711c5637cdf4a5b44f6dd9bb3eda
SHA1

b4851f0f4a1568130763142dfecce532f8dca6e3
SHA256

dd11659543b958d2dd58b0a694a2c574aaf94f5edd8689860e9c4a36b5530cee
SHA512

69347285283b80d45e2f988500d54fba9fcb5fb6711f33cb92d12d8ce71deb088027a8e57ec525906f12133b75a12ed5b03b66e8a4bc06ee229fd15270a8a0f8
SSDEEP

98304:zHDIrXrCr0zwGfGmxDw8Ea2vmq/CAtnx/9uQa9:zjIrWIzbfBDwTa2e5Ahx/9Ba

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

51b9711c5637cdf4a5b44f6dd9bb3eda_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

02:8a:a6:e7:b5:16:c0:d1:55:f1:5d:62:90:a4:30:e3
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26-03-2018 00:00

Not After

31-03-2021 12:00

Subject

SERIALNUMBER=5128862,CN=Discord Inc.,O=Discord Inc.,L=San Francisco,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:8a:a6:e7:b5:16:c0:d1:55:f1:5d:62:90:a4:30:e3
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26-03-2018 00:00

Not After

31-03-2021 12:00

Subject

SERIALNUMBER=5128862,CN=Discord Inc.,O=Discord Inc.,L=San Francisco,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:53:8d:d7:5d:e9:52:17:52:df:3c:ed:a1:a3:3a:09:02:e6:56:e3:a5:e0:ea:a4:cd:bc:9f:42:af:16:07:99
Signer

Actual PE Digest

ef:53:8d:d7:5d:e9:52:17:52:df:3c:ed:a1:a3:3a:09:02:e6:56:e3:a5:e0:ea:a4:cd:bc:9f:42:af:16:07:99

Digest Algorithm

sha256

PE Digest Matches

false

47:45:4c:84:6b:68:64:91:4d:94:67:27:bb:b5:8d:ea:6d:a8:d7:70
Signer

Actual PE Digest

47:45:4c:84:6b:68:64:91:4d:94:67:27:bb:b5:8d:ea:6d:a8:d7:70

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Size: 434KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 104KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

02:8a:a6:e7:b5:16:c0:d1:55:f1:5d:62:90:a4:30:e3Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

02:8a:a6:e7:b5:16:c0:d1:55:f1:5d:62:90:a4:30:e3Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ef:53:8d:d7:5d:e9:52:17:52:df:3c:ed:a1:a3:3a:09:02:e6:56:e3:a5:e0:ea:a4:cd:bc:9f:42:af:16:07:99Signer

47:45:4c:84:6b:68:64:91:4d:94:67:27:bb:b5:8d:ea:6d:a8:d7:70Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 434KB - Virtual size: 1.2MB

Size: 104KB - Virtual size: 287KB

Size: 15B - Virtual size: 12B

.imports Size: 512B - Virtual size: 8KB

.rsrc Size: 287KB - Virtual size: 287KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 2.9MB - Virtual size: 2.9MB

02:8a:a6:e7:b5:16:c0:d1:55:f1:5d:62:90:a4:30:e3
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

02:8a:a6:e7:b5:16:c0:d1:55:f1:5d:62:90:a4:30:e3
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ef:53:8d:d7:5d:e9:52:17:52:df:3c:ed:a1:a3:3a:09:02:e6:56:e3:a5:e0:ea:a4:cd:bc:9f:42:af:16:07:99
Signer

47:45:4c:84:6b:68:64:91:4d:94:67:27:bb:b5:8d:ea:6d:a8:d7:70
Signer

.imports
Size: 512B - Virtual size: 8KB

.rsrc
Size: 287KB - Virtual size: 287KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 2.9MB - Virtual size: 2.9MB