5a04db86b3307bb0d70f599a39e91c76_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5a04db86b3307bb0d70f599a39e91c76_JaffaCakes118
Size

1.1MB
MD5

5a04db86b3307bb0d70f599a39e91c76
SHA1

b925e158db79610e4aa64dafba478f29c68c3445
SHA256

5462a095cf832e43e7ad109778d578a0f6a0b5abae4bed5abade78fef2a5eae9
SHA512

e4318cb717103ca36f0bdb8cb9d9dc40e2b5b9b3a09868b19cc36d3772912b6882d3d667e8f467bc50d16955fc0d928978f8cbe3857ac30d704877ac5c3e0a3a
SSDEEP

24576:n7RxE/ZwnRK0hQtcSgoy2lGHNhG0DC6ysdhSzf69bf:n7TIwnQ0hQtcouNU026X

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a04db86b3307bb0d70f599a39e91c76_JaffaCakes118

Files

5a04db86b3307bb0d70f599a39e91c76_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

@$xp$14Jpeg@TJPEGData
@$xp$15Jpeg@TJPEGImage
@$xp$15Jpeg@TJPEGScale
@$xp$21Jpeg@TJPEGPerformance
@$xp$21Jpeg@TJPEGPixelFormat
@$xp$22Jpeg@TJPEGQualityRange
@@Load@Finalize
@@Load@Initialize
@@Unit1@Finalize
@@Unit1@Initialize
@Jconsts@Finalization$qqrv
@Jconsts@_sChangeJPGSize
@Jconsts@_sJPEGError
@Jconsts@_sJPEGImageFile
@Jconsts@initialization$qqrv
@Jpeg@Finalization$qqrv
@Jpeg@JPEGDefaults
@Jpeg@TJPEGData@
@Jpeg@TJPEGData@$bdtr$qqrv
@Jpeg@TJPEGData@FreeHandle$qqrv
@Jpeg@TJPEGImage@
@Jpeg@TJPEGImage@$bctr$qqrv
@Jpeg@TJPEGImage@$bdtr$qqrv
@Jpeg@TJPEGImage@Assign$qqrp19Classes@TPersistent
@Jpeg@TJPEGImage@AssignTo$qqrp19Classes@TPersistent
@Jpeg@TJPEGImage@CalcOutputDimensions$qqrv
@Jpeg@TJPEGImage@Changed$qqrp14System@TObject
@Jpeg@TJPEGImage@Compress$qqrv
@Jpeg@TJPEGImage@DIBNeeded$qqrv
@Jpeg@TJPEGImage@Draw$qqrp16Graphics@TCanvasrx11Types@TRect
@Jpeg@TJPEGImage@Equals$qqrp17Graphics@TGraphic
@Jpeg@TJPEGImage@FreeBitmap$qqrv
@Jpeg@TJPEGImage@GetBitmap$qqrv
@Jpeg@TJPEGImage@GetEmpty$qqrv
@Jpeg@TJPEGImage@GetGrayscale$qqrv
@Jpeg@TJPEGImage@GetHeight$qqrv
@Jpeg@TJPEGImage@GetPalette$qqrv
@Jpeg@TJPEGImage@GetWidth$qqrv
@Jpeg@TJPEGImage@JPEGNeeded$qqrv
@Jpeg@TJPEGImage@LoadFromClipboardFormat$qqrusuip10HPALETTE__
@Jpeg@TJPEGImage@LoadFromStream$qqrp15Classes@TStream
@Jpeg@TJPEGImage@NewBitmap$qqrv
@Jpeg@TJPEGImage@NewImage$qqrv
@Jpeg@TJPEGImage@ReadData$qqrp15Classes@TStream
@Jpeg@TJPEGImage@ReadStream$qqrip15Classes@TStream
@Jpeg@TJPEGImage@SaveToClipboardFormat$qqrrusruirp10HPALETTE__
@Jpeg@TJPEGImage@SaveToStream$qqrp15Classes@TStream
@Jpeg@TJPEGImage@SetGrayscale$qqro
@Jpeg@TJPEGImage@SetHeight$qqri
@Jpeg@TJPEGImage@SetPalette$qqrp10HPALETTE__
@Jpeg@TJPEGImage@SetPerformance$qqr21Jpeg@TJPEGPerformance
@Jpeg@TJPEGImage@SetPixelFormat$qqr21Jpeg@TJPEGPixelFormat
@Jpeg@TJPEGImage@SetScale$qqr15Jpeg@TJPEGScale
@Jpeg@TJPEGImage@SetSmoothing$qqro
@Jpeg@TJPEGImage@SetWidth$qqri
@Jpeg@TJPEGImage@WriteData$qqrp15Classes@TStream
@Jpeg@initialization$qqrv
_Form1
___CPPdebugHook
_frmldr

Sections

Size: 368KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 644KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 368KB - Virtual size: 872KB

.rsrc Size: 67KB - Virtual size: 152KB

.idata Size: 512B - Virtual size: 4KB

Themida Size: 644KB - Virtual size: 1.4MB

.rsrc
Size: 67KB - Virtual size: 152KB

.idata
Size: 512B - Virtual size: 4KB

Themida
Size: 644KB - Virtual size: 1.4MB