9740f05b2c61d83fb93d34e071f4fe79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9740f05b2c61d83fb93d34e071f4fe79_JaffaCakes118
Size

4.6MB
MD5

9740f05b2c61d83fb93d34e071f4fe79
SHA1

67a4005abbe3bc832541045119190c7ec6fdacc5
SHA256

477ea4ac94a63aa7e55baf53f5a0fba0e264f3c155f413edc03da1f5181d9999
SHA512

6ef885b013abb79515f9ed73e44e5b5fb6ecc935c075cd95fd5ef55e81c65140f6f0548cee02507d48cfec21822d72f7007062a913f3b46cf5f0445e9611017f
SSDEEP

98304:02MRVgA+MJCbeHWSYgMbOOaAe6BRCmCFwCTU7EkiaYmW/wG:8gAfJCaHWSYgGraAe6BEeCTUZDYmW

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9740f05b2c61d83fb93d34e071f4fe79_JaffaCakes118

Files

9740f05b2c61d83fb93d34e071f4fe79_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d0760fbb86d99642aa02fd69bdd04b4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

mscoree

_CorExeMain

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

Size: - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pif0
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pif1
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pif2
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0760fbb86d99642aa02fd69bdd04b4e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscoree

user32

Sections

Size: - Virtual size: 144KB

.pif0 Size: - Virtual size: 202KB

Size: - Virtual size: 12B

.idata Size: - Virtual size: 8KB

.themida Size: - Virtual size: 2.9MB

.boot Size: - Virtual size: 1.2MB

.pif1 Size: - Virtual size: 1.3MB

.pif2 Size: 4.4MB - Virtual size: 4.4MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 116KB - Virtual size: 202KB

.pif0
Size: - Virtual size: 202KB

.idata
Size: - Virtual size: 8KB

.themida
Size: - Virtual size: 2.9MB

.boot
Size: - Virtual size: 1.2MB

.pif1
Size: - Virtual size: 1.3MB

.pif2
Size: 4.4MB - Virtual size: 4.4MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 116KB - Virtual size: 202KB