87f3cddfac156283ff1c1da2190905c7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87f3cddfac156283ff1c1da2190905c7_JaffaCakes118
Size

1.4MB
MD5

87f3cddfac156283ff1c1da2190905c7
SHA1

eb14f84d85d81145de709c327028877a0c2628b3
SHA256

7da1ac8e35ce466071fb962e6ca4b9c7c64a16611a69bfcf83d4d9dcf8ff4b26
SHA512

cbc7af2317dc53d05f9359eee72467afeb813b091ae24a508efb868f109dc50126c4161c885a7a0a3717f6aca73984f8e1ad2f714dae3197aec51254ca5e0432
SSDEEP

24576:uFOE0vv4kd26SdfF1j0GEDdzrMAOIqKK1A3UHTLiJDDWNlpcGANDGgdf:uO6L6odxMDdzrMaF6A3UHToDCyzNDfd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87f3cddfac156283ff1c1da2190905c7_JaffaCakes118

Files

87f3cddfac156283ff1c1da2190905c7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Tranform

Sections

Size: 496KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 817KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE