8879ea465b23c61f1f931db946c40700_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8879ea465b23c61f1f931db946c40700_JaffaCakes118
Size

3.7MB
MD5

8879ea465b23c61f1f931db946c40700
SHA1

999a083f658b2a04cf7d803768a56393de3d990c
SHA256

8c728c72f4c63ed3ddb40cc23bc4718677410e341bd1e2a6526bca3682e2ca76
SHA512

a0d67bff2c45979a91ce687f750da687398f57298d38d482b7d67ad347b337074ca0f5c9355b10b1e12a67530a4d80dc853edecb8db18229ab999e39aff36ac8
SSDEEP

98304:zobi9MohDuT/kHoGqXdb7+88rqcRNLIpY/R0DN:zobyMohMw5YW3ucRNLA+RQN

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8879ea465b23c61f1f931db946c40700_JaffaCakes118

Files

8879ea465b23c61f1f931db946c40700_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 577KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 107KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ