87a49084cadb46cdf8a9b624a261a38a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87a49084cadb46cdf8a9b624a261a38a_JaffaCakes118
Size

680KB
MD5

87a49084cadb46cdf8a9b624a261a38a
SHA1

399a8475ec995dd8fc755decc29bcd8f68128a15
SHA256

cb66079e1e6701b56afe1c29d0a288c21401a1e821d0d724318745ff09a047fb
SHA512

185ab192f0cf6579b7a6ae23377aa411d4037d23f60d8e6212059796f0a4f723e4c4769638dc083c97544cb9b67ee41ac59567463821f170041d693fbb05ad0f
SSDEEP

12288:R6TXX5d99sNupZORv+0iRoLgJNIggkfUd+UBPVmB38ByFo:8H5L9sEpER+bRlJNIggYUdX9mB38

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87a49084cadb46cdf8a9b624a261a38a_JaffaCakes118

Files

87a49084cadb46cdf8a9b624a261a38a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 648KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ