ab2296bb57e04d0620d2b4a471952550_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab2296bb57e04d0620d2b4a471952550_JaffaCakes118
Size

1.5MB
MD5

ab2296bb57e04d0620d2b4a471952550
SHA1

fc0e15a324bb5298e1338fd0a9ceaf03c270ef3b
SHA256

f1b50aa682f4ddcf954f1dd4af6e2c9d0162458b37635fb9d7a7d847b76c0b75
SHA512

ae9785ae6c44f1be0c36314f43c213ed814dd629e29a35ff89a0b0e3f018438542122c5f51804dfc6196d15f131ee10a32266f78b51af909bcdfc55d55a2bdb4
SSDEEP

24576:272tsnw4tanLmXjmIXbY4MoJ+Faj7SlzuWA13HrI+FD4Mw3pQA8/s7Uh+x1dXAj6:27U94tHHEP5E0o130+nHF/6UhEAjd7EJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab2296bb57e04d0620d2b4a471952550_JaffaCakes118

Files

ab2296bb57e04d0620d2b4a471952550_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

@@Csocket@Finalize
@@Csocket@Initialize
@@Ffrmbot@Finalize
@@Ffrmbot@Initialize
@@Ffrmlogin@Finalize
@@Ffrmlogin@Initialize
@@Main@Finalize
@@Main@Initialize
___CPPdebugHook
_dlgAddition
_dlgCZ
_dlgInterClient
_dlgMaden
_dlgParty
_frmBot
_frmLogin

Sections

Size: 765KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 711KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE