94f6bcd1c6b35a1c5d55dd2dbe7211da_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

94f6bcd1c6b35a1c5d55dd2dbe7211da_JaffaCakes118
Size

1.3MB
MD5

94f6bcd1c6b35a1c5d55dd2dbe7211da
SHA1

4d6359c3e61f8d54863d183d38ddc548c2a8702b
SHA256

9237e5cae5f698d5ad9f6c61af8bd866e599abb05f5bc49474d98e269a29a588
SHA512

832cfab9ee1f813f2a9a2fa3afae32646a00c10c71930cd034efa2c07d588facb9d782deba930376a499f2e76f1177a4d3a39bd2ca8bbdc37586e092c72ef8b0
SSDEEP

24576:Mm4KIe7WgCBxOQyvlHxhXjqpdwWow1Rht956wCLVAWRCySnAZWX:14GQ9yvlHCdwSZT56wCL1bSn3

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

94f6bcd1c6b35a1c5d55dd2dbe7211da_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ae:be:11:7a:13:b8:bc:a2:16:85:df:48:c7:4f:58:4d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17-02-2021 00:00

Not After

17-02-2022 23:59

Subject

CN=NANAX d.o.o.,O=NANAX d.o.o.,POSTALCODE=4260,STREET=Mladinska cesta 2A,L=Bled,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01-02-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:5c:2e:6c:4a:e2:f3:26:0a:7a:8e:55:f3:ef:7d:56:b9:cb:8d:77
Signer

Actual PE Digest

26:5c:2e:6c:4a:e2:f3:26:0a:7a:8e:55:f3:ef:7d:56:b9:cb:8d:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllRegisterServer

Sections

Size: 62KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

ae:be:11:7a:13:b8:bc:a2:16:85:df:48:c7:4f:58:4dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

26:5c:2e:6c:4a:e2:f3:26:0a:7a:8e:55:f3:ef:7d:56:b9:cb:8d:77Signer

Headers

File Characteristics

Exports

Exports

Sections

Size: 62KB - Virtual size: 141KB

Size: 24KB - Virtual size: 37KB

Size: 5KB - Virtual size: 5KB

Size: 1KB - Virtual size: 1KB

Size: 6KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 2.7MB

.boot Size: 1.2MB - Virtual size: 1.2MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

ae:be:11:7a:13:b8:bc:a2:16:85:df:48:c7:4f:58:4d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

26:5c:2e:6c:4a:e2:f3:26:0a:7a:8e:55:f3:ef:7d:56:b9:cb:8d:77
Signer

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 2.7MB

.boot
Size: 1.2MB - Virtual size: 1.2MB