5dfacc43dff7cdf4fd0b79b33c239a5d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5dfacc43dff7cdf4fd0b79b33c239a5d_JaffaCakes118
Size

604KB
MD5

5dfacc43dff7cdf4fd0b79b33c239a5d
SHA1

e5d507691cefed01cc3422f5efbed6634e4694d9
SHA256

56aab7e71d85eedfdb4499ae86588fcaeaea18b2754bd847141c167ad7bf9f3a
SHA512

041f48c5762b648f2d86930b176bd90aae52d9f194f480a3ade1aab13195bb9bb814d378c358dd8426960a55dcb79024758a68dec8582b57c55b3902e9269008
SSDEEP

12288:juRrcImiRyyI0qHG6RSON5ycveGFnGL/O/vH4tro5:cn5IyI48GGFGL/O/Apo5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dfacc43dff7cdf4fd0b79b33c239a5d_JaffaCakes118

Files

5dfacc43dff7cdf4fd0b79b33c239a5d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CreateInterface

Sections

Size: 48KB - Virtual size: 33.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 528KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE