68c029435ce8ac5ba5af33c7235156bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68c029435ce8ac5ba5af33c7235156bc_JaffaCakes118
Size

4.1MB
MD5

68c029435ce8ac5ba5af33c7235156bc
SHA1

e513c67372bb573eb20493efdceeb2a2a4813fee
SHA256

1dcda297b4401c37903cbe782ba53bb3f0d4cfe40a42593b610b5dc6b5ec6324
SHA512

ff5e7810916ff14a22fe16639949e8b70714f6f5fbc8907e43c31c0e42737c7f6809002c6d1a84c7611be68f5a3ee1511074c4f8e91a6e8a1aa394a5beb0cf27
SSDEEP

98304:zR0KgJjrSQ7U3SpCOWI2WvoabPqsWRN6wrdGs8:l0fxj1IQBbZWRN6wY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

68c029435ce8ac5ba5af33c7235156bc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:c7:81:fe:f4:92:fb:ac:51:7e:80:14:bf:c5:54:d4
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/01/2009, 00:00

Not After

19/01/2010, 23:59

Subject

CN=上海征途信息技术有限公司,OU=WoSign Class 3 Code Signing,O=上海征途信息技术有限公司,L=徐汇区,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.2MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 664KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

df:c7:81:fe:f4:92:fb:ac:51:7e:80:14:bf:c5:54:d4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Sections

Size: 2.2MB - Virtual size: 5.6MB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 4KB - Virtual size: 4KB

Themida Size: 664KB - Virtual size: 1.5MB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

df:c7:81:fe:f4:92:fb:ac:51:7e:80:14:bf:c5:54:d4
Certificate

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 4KB - Virtual size: 4KB

Themida
Size: 664KB - Virtual size: 1.5MB