abae735d8bbf5c9b75cbd47d5ae49053_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abae735d8bbf5c9b75cbd47d5ae49053_JaffaCakes118
Size

3.7MB
MD5

abae735d8bbf5c9b75cbd47d5ae49053
SHA1

e5d1bfc96d4a6ae0cf35d6a1e8e9fd2028d4e8ad
SHA256

d50cf2d979aaa99d2e39a2b1b99e99cdcb3f57d8a6f3ff842253a929bb2ff924
SHA512

da247f79775a54b86ae550c09baafae01809cf701fabb2f742d81d94485447ce03ed12fea2e6c0c707c04e108ee14d52fbf411b6111d36a834f6410df4c45dda
SSDEEP

98304:ZA7/x9jjbZU4QRhyVfA1Mdb8Ime7usqyJLZhZe6r0+n8:2UNylAydb8Eue5Zh9r0+n8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abae735d8bbf5c9b75cbd47d5ae49053_JaffaCakes118

Files

abae735d8bbf5c9b75cbd47d5ae49053_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 60KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 316B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ