63c97cd820661195c32ab1bb4795e87c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63c97cd820661195c32ab1bb4795e87c_JaffaCakes118
Size

1.2MB
MD5

63c97cd820661195c32ab1bb4795e87c
SHA1

ae26bba7a96bee2f941a8a41bdfc1738f3e58ddd
SHA256

7e5331b5cff96b05e6ed804e495a5c2aae4318429707c85d369ca53c8a64549a
SHA512

bd97e1f8d2287d15c80859efaacb6aa4300d26840170968a54cf1e65ed6a0257f37e57ec0e004ea05e9fcc32e1453ca1cc5ae1b7f0f210a1998c7b83fdba554d
SSDEEP

24576:+rGjrb0f/lr8h2/KphUEMjAneqreSU03+TUwVsRMG6bjsaTFbSfhi7XYHp5:+rCk/lru2/ihUEMM7RU034HsRMvFbQhl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63c97cd820661195c32ab1bb4795e87c_JaffaCakes118

Files

63c97cd820661195c32ab1bb4795e87c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE