a3cb5600d54022a9c8da0f7c423d26b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3cb5600d54022a9c8da0f7c423d26b6_JaffaCakes118
Size

5.7MB
MD5

a3cb5600d54022a9c8da0f7c423d26b6
SHA1

590971cb840c5ce28fe21078c29733eecb6274fb
SHA256

7c87f3667e3796cd8acf3e22ab2dfd9f9033dbd93daeddfc8b5ffde595bb2834
SHA512

58fb70909ee8f97a16d8a971a8f5d2fb5327b5a64dfb7cdf1fb1aa738e420e550d79b0a47fadc27161b3c034850cc20b16d1f69d478db3b36d20ae06ca5690ae
SSDEEP

98304:Cv3jALr583Xo5sSFwa75C2EDBTP6worOOSR2eROvU5K30pQUyecp8hkqFpt8mnO+:Y3Mh8SsowUMxDBBa/VeKEVyecmkqFfn9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

a3cb5600d54022a9c8da0f7c423d26b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

40:b5:cd:c1:a2:83:de:de:d0:3e:24:49:54:44:28:4d
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/12/2017, 00:00

Not After

18/01/2021, 23:59

Subject

CN=Aescripts\, Inc,O=Aescripts\, Inc,POSTALCODE=10591,STREET=18 Francis St,L=Sleepy Hollow,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:5b:a6:d7:46:a5:82:6b:e3:15:34:70:fa:40:53:f5:b9:e8:0f:83:c3:7f:03:4f:57:94:74:15:d4:d8:49:f1
Signer

Actual PE Digest

5f:5b:a6:d7:46:a5:82:6b:e3:15:34:70:fa:40:53:f5:b9:e8:0f:83:c3:7f:03:4f:57:94:74:15:d4:d8:49:f1

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 230KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

40:b5:cd:c1:a2:83:de:de:d0:3e:24:49:54:44:28:4dCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

5f:5b:a6:d7:46:a5:82:6b:e3:15:34:70:fa:40:53:f5:b9:e8:0f:83:c3:7f:03:4f:57:94:74:15:d4:d8:49:f1Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 230KB - Virtual size: 232KB

Size: 38KB - Virtual size: 80KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 61KB - Virtual size: 61KB

.themida Size: - Virtual size: 7.6MB

.boot Size: 5.4MB - Virtual size: 5.4MB

40:b5:cd:c1:a2:83:de:de:d0:3e:24:49:54:44:28:4d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

5f:5b:a6:d7:46:a5:82:6b:e3:15:34:70:fa:40:53:f5:b9:e8:0f:83:c3:7f:03:4f:57:94:74:15:d4:d8:49:f1
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 61KB - Virtual size: 61KB

.themida
Size: - Virtual size: 7.6MB

.boot
Size: 5.4MB - Virtual size: 5.4MB