a58f14aee5eb484dcb3197f6282a1c7f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a58f14aee5eb484dcb3197f6282a1c7f_JaffaCakes118
Size

2.7MB
MD5

a58f14aee5eb484dcb3197f6282a1c7f
SHA1

17dd1202c3b59b2c101b6bf08b27b6cbbf39fd72
SHA256

b711ca73a0448143c2df3f3d0119e73d0fe2d1b8f8daee854881088c1f0938ca
SHA512

abd6f37b986f389909c9fd4a4f3b1c7ee396d8983edbfea3d785eab0ecf4f43b421490c6f3e4a70a975f1700c29a08ca7ab45eca13eb21008fff9eba3da3b483
SSDEEP

49152:IJfiYQ9LrO2lr83jI2iJS6ir55Tj43lfouIyjQQpB7bpBKY+L2t:IJ5cO2w0zirfI3OuISJB71BKYOi

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a58f14aee5eb484dcb3197f6282a1c7f_JaffaCakes118

Files

a58f14aee5eb484dcb3197f6282a1c7f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 15KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.5MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE