7695f36a3db37a8705045905abe996a5_JaffaCakes118 | Triage

Sharing

General

Target

7695f36a3db37a8705045905abe996a5_JaffaCakes118
Size

1.3MB
MD5

7695f36a3db37a8705045905abe996a5
SHA1

6a3a21269aada5c344bb37a1a7dc0db803960fda
SHA256

17004e2af77232fd2e5ef03846559a3776d0ad4b188d50bfd8c404b781471d47
SHA512

dc75e0534cbb086b89a80205c2e1da1047456edcf97ddd5bf3d5688c05dff8db3c6e747912315f6ac9d808e14b78aba7851bfe7a2e568e9806eb5f944da0be55
SSDEEP

24576:PrA2an/QRbc5pbrA+hUH3smfCIGhmBJ1ef26sPAmgC6SOlRVTY/5doB:PWuc5pLAKFcJs4RYlRVMxd+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7695f36a3db37a8705045905abe996a5_JaffaCakes118

Files

7695f36a3db37a8705045905abe996a5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 15KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 617KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 609KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE