788e07b235edced18a902714f09b566e_JaffaCakes118 | Triage

Sharing

General

Target

788e07b235edced18a902714f09b566e_JaffaCakes118
Size

688KB
MD5

788e07b235edced18a902714f09b566e
SHA1

2920f0b9e1357021856f97a56d7f6c80851141f3
SHA256

cc3bf40f32781dd77bdd46933f80115247e865268b642ca95a185c4214e8be91
SHA512

a7688748267915bf0ab3837e606653570f5b2d69402413af998e39f7416dd8664dc790d8a79d99e0151f940cd99f74722bc2d825b941db2c77a8cf7782fcb5c2
SSDEEP

12288:fKQ2Tdo2PkgbuPBSWDQZaXMz/uVuUON2NGVFLD94EAD:f2Tdo2PnCPBSWDqaQmVDAMGVFLDA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
788e07b235edced18a902714f09b566e_JaffaCakes118

Files

788e07b235edced18a902714f09b566e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
MainDLL

Sections

Size: 96KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 564KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE