955f53185a0155087122eb6fd1f4de70_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

955f53185a0155087122eb6fd1f4de70_JaffaCakes118
Size

1011KB
MD5

955f53185a0155087122eb6fd1f4de70
SHA1

b14b059ad8abc626a6946ec3fcfd5f507fd61d8a
SHA256

a549d64c81a455999e162a98ad76ca0c3f4b85c2862e423d97aa5b37dae5095f
SHA512

6ea215512b90717245a234504da0773306464e9b52ad376af9057f7245c5db5c599bace7169a91218742ea106dd6b07e010bb23f7499b3ae5b5db1c49b9c8f85
SSDEEP

24576:aA+69GMs8WK8iKKqHAoNpvdGd1KGY352LBaDbOn:p+69EK8i8JGJYILBaDan

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
955f53185a0155087122eb6fd1f4de70_JaffaCakes118

Files

955f53185a0155087122eb6fd1f4de70_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

Size: 324KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 649KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE