a760f6f0f3ac422ae337e4674a958e34_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a760f6f0f3ac422ae337e4674a958e34_JaffaCakes118
Size

1.8MB
MD5

a760f6f0f3ac422ae337e4674a958e34
SHA1

4e7be7b15248e3f180f9f64b180b1a73b64b4418
SHA256

640f66ffee50949c1c6cc0a030302a401e6b19a193685d7e34dbf7f077a13fac
SHA512

1a5ef90a4a5706dc4f79aa45a44299ac132ac7c83ec154a30d51956d59e7d71e0866abd97a9982c8e51c670422a21724eb0d8f583926d39858c99f6aef182b95
SSDEEP

49152:dkrvl6ukJoecO5PCmdo5uMjhDJgz1g8wY5Xb1Qydwj:wt6w89C+5MdJg+4b1QydK

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a760f6f0f3ac422ae337e4674a958e34_JaffaCakes118

Files

a760f6f0f3ac422ae337e4674a958e34_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0GBufferedFile@@IAE@XZ
??0GBufferedFile@@QAE@PAVGFile@@@Z
??0GEvent@@QAE@_N0@Z
??0GImage@@QAE@ABV0@@Z
??0GImage@@QAE@ABVGImageBase@@@Z
??0GImage@@QAE@W4ImageFormat@GImageBase@@KK@Z
??0GImage@@QAE@XZ
??0GMutex@@QAE@_N0@Z
??0GRefCountBaseImpl@@QAE@PAVGRefCountImpl@@0@Z
??0GRefCountBaseImpl@@QAE@XZ
??0GSemaphore@@QAE@H_N@Z
??0GSysFile@@QAE@PBDHH@Z
??0GSysFile@@QAE@XZ
??0GThread@@QAE@IH@Z
??0GThread@@QAE@P6AHPAV0@PAX@Z1IHW4ThreadState@0@@Z
??0GWaitCondition@@QAE@XZ
??1GAcquireInterface@@UAE@XZ
??1GBufferedFile@@UAE@XZ
??1GDefaultAcquireInterface@@UAE@XZ
??1GEvent@@UAE@XZ
??1GFxLoader@@UAE@XZ
??1GImage@@UAE@XZ
??1GMutex@@UAE@XZ
??1GRefCountBaseImpl@@UAE@XZ
??1GSemaphore@@UAE@XZ
??1GThread@@UAE@XZ
??1GWaitCondition@@QAE@XZ
??EGSemaphore@@QAEHH@Z
??FGSemaphore@@QAEHH@Z
??YGSemaphore@@QAEHH@Z
??ZGSemaphore@@QAEHH@Z
??_FGEvent@@QAEXXZ
??_FGMutex@@QAEXXZ
??_FGSemaphore@@QAEXXZ
??_FGThread@@QAEXXZ
?Acquire@GWaitable@@QAE_NI@Z
?AcquireMultipleObjects@GAcquireInterface@@SA_NPAPAVGWaitable@@II@Z
?AcquireOneOfMultipleObjects@GAcquireInterface@@SAHPAPAVGWaitable@@II@Z
?AddWaitHandler@GWaitable@@QAE_NP6AXPAX@Z0@Z
?Append@GMatrix2D@@QAEAAV1@ABV1@@Z
?Blend@GColor@@SG?AV1@V1@0M@Z
?BytesAvailable@GBufferedFile@@UAEHXZ
?CallWaitHandlers@GWaitable@@QAEXXZ
?CallWaitHandlers@HandlerArray@GWaitable@@QAEXXZ
?CanAcquire@GAcquireInterface@@UAE_NXZ
?CanAcquire@GEvent@@UAE_NXZ
?CanAcquire@GMutex@@UAE_NXZ
?CanAcquire@GSemaphore@@UAE_NXZ
?ChangeSize@GBufferedFile@@UAE_NH@Z
?Close@GBufferedFile@@UAE_NXZ
?Close@GSysFile@@UAE_NXZ
?ConvertHSIToRGB@GColor@@SGXNNNPAN00@Z
?ConvertRGBToHSI@GColor@@SGXNNNPAN00@Z
?CopyFromStream@GBufferedFile@@UAEHPAVGFile@@H@Z
?CreateWaitableIncrement@GSemaphore@@QAEPAVGWaitable@@H@Z
?DoesFlip@GMatrix2D@@QBE_NXZ
?EncloseTransform@GMatrix2D@@QBEXPAV?$GRect@M@@ABV2@@Z
?Exit@GThread@@UAEXH@Z
?FinishAllThreads@GThread@@SAXXZ
?Flush@GBufferedFile@@UAE_NXZ
?FlushBuffer@GBufferedFile@@IAEXXZ
?Format@GColor@@QBEXPAD@Z
?Format@GMatrix2D@@QBEXPAD@Z
?GetAcquireInterface@GEvent@@UAEPAVGAcquireInterface@@XZ
?GetAcquireInterface@GMutex@@UAEPAVGAcquireInterface@@XZ
?GetAcquireInterface@GSemaphore@@UAEPAVGAcquireInterface@@XZ
?GetAcquireInterface@GWaitable@@UAEPAVGAcquireInterface@@XZ
?GetCPUCount@GThread@@SAHXZ
?GetDefaultAcquireInterface@GDefaultAcquireInterface@@SAPAV1@XZ
?GetDeterminant@GMatrix2D@@QBEMXZ
?GetErrorCode@GSysFile@@UAEHXZ
?GetExitFlag@GThread@@QBE_NXZ
?GetFileStat@GSysFile@@SA_NPAUGFileStat@@PBD@Z
?GetHSI@GColor@@QBEXPAH00@Z
?GetHSI@GColor@@QBEXPAM00@Z
?GetHSV@GColor@@QBEXPAH00@Z
?GetHSV@GColor@@QBEXPAM00@Z
?GetLength@GBufferedFile@@UAEHXZ
?GetMaxScale@GMatrix2D@@QBEMXZ
?GetRotation@GMatrix2D@@QBENXZ
?GetThreadState@GThread@@QBE?AW4ThreadState@1@XZ
?GetX@GMatrix2D@@QBEMXZ
?GetXScale@GMatrix2D@@QBENXZ
?GetY@GMatrix2D@@QBEMXZ
?GetYScale@GMatrix2D@@QBENXZ
?IsFinished@GThread@@QBE_NXZ
?IsLockedByAnotherThread@GMutex@@QAE_NXZ
?IsSignaled@GEvent@@UBE_NXZ
?IsSignaled@GMutex@@UBE_NXZ
?IsSignaled@GSemaphore@@UBE_NXZ
?IsSignaled@GWaitable@@UBE_NXZ
?IsSuspended@GThread@@QBE_NXZ
?IsValid@GMatrix2D@@QBE_NXZ
?IsValid@GSysFile@@UAE_NXZ
?LGetLength@GBufferedFile@@UAE_JXZ
?LSeek@GBufferedFile@@UAE_J_JH@Z
?LTell@GBufferedFile@@UAE_JXZ
?LoadBuffer@GBufferedFile@@IAEXXZ
?Lock@GMutex@@QAEXXZ
?MSleep@GThread@@UAE_NI@Z
?Notify@GWaitCondition@@QAEXXZ
?NotifyAll@GWaitCondition@@QAEXXZ
?ObtainSemaphore@GSemaphore@@QAE_NHI@Z
?OnExit@GThread@@UAEXXZ
?Open@GSysFile@@QAE_NPBDHH@Z
?Prepend@GMatrix2D@@QAEAAV1@ABV1@@Z
?PulseEvent@GEvent@@QAEXXZ
?Read@GBufferedFile@@UAEHPAEH@Z
?Release@HandlerArray@GWaitable@@QAEXXZ
?ReleaseSemaphore@GSemaphore@@QAE_NH@Z
?RemoveWaitHandler@GWaitable@@QAE_NP6AXPAX@Z0@Z
?ResetEvent@GEvent@@QAEXXZ
?Resume@GThread@@QAE_NXZ
?Run@GThread@@UAEHXZ
?Seek@GBufferedFile@@UAEHHH@Z
?SetBufferMode@GBufferedFile@@IAE_NW4BufferModeType@1@@Z
?SetEvent@GEvent@@QAEXXZ
?SetExitFlag@GThread@@QAEX_N@Z
?SetHSI@GColor@@QAEXHHH@Z
?SetHSI@GColor@@QAEXMMM@Z
?SetHSV@GColor@@QAEXHHH@Z
?SetHSV@GColor@@QAEXMMM@Z
?SetIdentity@GMatrix2D@@QAEXXZ
?SetInverse@GMatrix2D@@QAEXABV1@@Z
?SetLerp@GMatrix2D@@QAEXABV1@0M@Z
?SetRefCountMode@GRefCountBaseImpl@@QAE_NI@Z
?SkipBytes@GBufferedFile@@UAEHH@Z
?Sleep@GThread@@UAE_NI@Z
?Start@GThread@@UAE_NW4ThreadState@1@@Z
?Suspend@GThread@@QAE_NXZ
?Swap@GMatrix2D@@QAEXPAV1@@Z
?Tell@GBufferedFile@@UAEHXZ
?Transform@GMatrix2D@@QBEXPAV?$GPoint@M@@ABV2@@Z
?TransformByInverse@GMatrix2D@@QBEXPAV?$GPoint@M@@ABV2@@Z
?TransformVector@GMatrix2D@@QBEXPAV?$GPoint@M@@ABV2@@Z
?TryAcquire@GAcquireInterface@@UAE_NXZ
?TryAcquire@GEvent@@UAE_NXZ
?TryAcquire@GMutex@@UAE_NXZ
?TryAcquire@GSemaphore@@UAE_NXZ
?TryAcquireCancel@GAcquireInterface@@UAE_NXZ
?TryAcquireCancel@GEvent@@UAE_NXZ
?TryAcquireCancel@GMutex@@UAE_NXZ
?TryAcquireCancel@GSemaphore@@UAE_NXZ
?TryAcquireCommit@GAcquireInterface@@UAE_NXZ
?TryAcquireCommit@GEvent@@UAE_NXZ
?TryAcquireCommit@GMutex@@UAE_NXZ
?TryAcquireCommit@GSemaphore@@UAE_NXZ
?TryLock@GMutex@@QAE_NXZ
?Unlock@GMutex@@QAEXXZ
?Wait@GEvent@@QAE_NI@Z
?Wait@GWaitCondition@@QAE_NPAVGMutex@@I@Z
?Wait@GWaitable@@QAE_NI@Z
?Write@GBufferedFile@@UAEHPBEH@Z

Sections

Size: 1.2MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 560KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 1.2MB - Virtual size: 2.9MB

.rsrc Size: 4KB - Virtual size: 11KB

.idata Size: 4KB - Virtual size: 4KB

Themida Size: 560KB - Virtual size: 1.2MB

.rsrc
Size: 4KB - Virtual size: 11KB

.idata
Size: 4KB - Virtual size: 4KB

Themida
Size: 560KB - Virtual size: 1.2MB