875ac7e9d891b389681c0d6865c6e702_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

875ac7e9d891b389681c0d6865c6e702_JaffaCakes118
Size

178KB
MD5

875ac7e9d891b389681c0d6865c6e702
SHA1

61628cb0f939b6c45d93b526d27be06f9f792813
SHA256

4845ebe8b39c00512c20c196311fef970e9accfed507975bc062460d9d263889
SHA512

de3f475118af1ce95225206593b791b4743c3293784bb9e1623727e766a33824e4a8cdcc6d1f8a7a9e625f6c605657e3110c73a4365b7630cbbfc72922c2c479
SSDEEP

3072:z8/19vPNUKMc0dnObqA09zCMMjk6zvRJERVroofDSGCI5y+JkSH4gnGAxS9sDJ:g/3tU/hGqwTjkYTE7tf+25rYy7S2N

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

875ac7e9d891b389681c0d6865c6e702_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17-02-2009 00:00

Not After

12-04-2012 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c5:b6:d8:93:2b:2c:32:fc:a3:1e:3d:34:4f:dc:99:4d:54:cc:85:6f
Signer

Actual PE Digest

c5:b6:d8:93:2b:2c:32:fc:a3:1e:3d:34:4f:dc:99:4d:54:cc:85:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.Themida
Size: - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Themida
Size: 172KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5fCertificate

Extended Key Usages

Key Usages

c5:b6:d8:93:2b:2c:32:fc:a3:1e:3d:34:4f:dc:99:4d:54:cc:85:6fSigner

Headers

File Characteristics

Exports

Exports

Sections

.Themida Size: - Virtual size: 696KB

.Themida Size: 172KB - Virtual size: 189KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

c5:b6:d8:93:2b:2c:32:fc:a3:1e:3d:34:4f:dc:99:4d:54:cc:85:6f
Signer

.Themida
Size: - Virtual size: 696KB

.Themida
Size: 172KB - Virtual size: 189KB