5d1bafd489399fe52f688d24ac2b7276_JaffaCakes118 | Triage

Sharing

General

Target

5d1bafd489399fe52f688d24ac2b7276_JaffaCakes118
Size

2.7MB
MD5

5d1bafd489399fe52f688d24ac2b7276
SHA1

14a8ad5a73dd8d98e73a815201949694c98a0dc4
SHA256

85b3ef26976dfe7f7f651ce4ae36c890b33c76401389aee68f294b70983e4639
SHA512

b81736875100f1556f0b09987deb68d3b9c62766acc2423da054bae44ba33690a43e6011f0122f5e83e89ffa20051bb628541d66ed75d37a59bf45a87bf8cfdc
SSDEEP

49152:hh5CqtLDD6h7I19Suzym2qpUM6zR2b7PBIul10d0:j7tuh7ImfqpBuwX2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d1bafd489399fe52f688d24ac2b7276_JaffaCakes118

Files

5d1bafd489399fe52f688d24ac2b7276_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 88KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 924KB - Virtual size: 924KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ