71297bbd4891147f49f1d5d14ad744ee_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71297bbd4891147f49f1d5d14ad744ee_JaffaCakes118
Size

1000KB
MD5

71297bbd4891147f49f1d5d14ad744ee
SHA1

d8277b798401a898e9a751bf2a6c64e00c12a438
SHA256

e3447e14fc89d5c0022f815cdf01b323c672c9861a4c6e0d6ede4e94d4b0d493
SHA512

bc30d768205db92d9617601f7a76cb210e93d2bdd1f4a7fb3d09ccb77ef5de95b2d7fcf0891a37dc519120c7eb2f60bcd09e332c48c32f602bfa87f43048136e
SSDEEP

24576:7OOmScSw4McTkPpuvju8172Ze01U5Uw7O5jdCCtC2:dmSc4kP6J52Z11U5cjdCCt7

Score

7^/10

vmprotect themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71297bbd4891147f49f1d5d14ad744ee_JaffaCakes118

Files

71297bbd4891147f49f1d5d14ad744ee_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CAuth@@QAE@ABV0@@Z
??0CAuth@@QAE@XZ
??1CAuth@@QAE@XZ
??4CAuth@@QAEAAV0@ABV0@@Z
?AddServer@CAuth@@QAE_NVCString@@@Z
?Decrypt1@CAuth@@AAE?AVCString@@V2@@Z
?DisableServer@CAuth@@AAEXXZ
?DllLogin@CAuth@@QAE_NXZ
?Encrypt1@CAuth@@AAE?AVCString@@V2@@Z
?Encrypt2@CAuth@@AAE?AVCString@@V2@@Z
?ExeLogin@CAuth@@QAE_NXZ
?GetRandKey@CAuth@@AAE?AVCString@@H@Z
?GetServer@CAuth@@AAE_NXZ
?ModifyPass@CAuth@@QAE_NXZ
?Pay@CAuth@@QAE_NXZ
?Reg@CAuth@@QAE_NXZ
?TestServer@CAuth@@QAE_NXZ
InstallHook
UninstallHook

Sections

Size: 60KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 388KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 524KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE