64c145d746e2c8715a2b8a808735ba8f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64c145d746e2c8715a2b8a808735ba8f_JaffaCakes118
Size

5.0MB
MD5

64c145d746e2c8715a2b8a808735ba8f
SHA1

f5f64db3fcd161eb4a65659b5b37a8458b7fe918
SHA256

88d51c542ca33265e233d07f4c8b1cdffea31c54ca811f68ccaac42b2d16e086
SHA512

d2e8aeeb740c6bd7d96ad391feeaabd839f0c90d5041bf45091f18a5fc7f865e7d6d8c2341f5b1810c0a772f98be8312e462dc244c9b1a488349908230eb291d
SSDEEP

98304:aVzMcXySA5hHSDYWLCjnW87+G45KrKukldjk/s:sRYi2+bKHklxms

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64c145d746e2c8715a2b8a808735ba8f_JaffaCakes118

Files

64c145d746e2c8715a2b8a808735ba8f_JaffaCakes118
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE