ae8f55362ec95147b234df0ffa1f8dfd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae8f55362ec95147b234df0ffa1f8dfd_JaffaCakes118
Size

704KB
MD5

ae8f55362ec95147b234df0ffa1f8dfd
SHA1

2f9ec1e2d66568d8fdf6f867670e95c7a978a3d6
SHA256

5d3135545a9b403070a98402e39b72f3a50828509568094bb22c6c046995a2e6
SHA512

9aa2ff4ab4b7d33fec6132c2184f387fa23541dfd96c644fd85c9563635ad3a7732ae06ea798d45a90e93c782997acd0466ba88bde4e94279ef51fa3ef041ef2
SSDEEP

12288:bUBrdyKYlIpmetsmndYG/m+Sy+SIBstNk9pKyHk7F++abe2X0k7X6suRW:2tYkjLD3TI2tWvHN+aX0qLuQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae8f55362ec95147b234df0ffa1f8dfd_JaffaCakes118

Files

ae8f55362ec95147b234df0ffa1f8dfd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2fd6542cee63ed49aa06393da6a01f4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1168

msvcrt

__set_app_type

kernel32

LoadLibraryA
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

EnableWindow
MessageBoxA

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida0
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida1
Size: - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida2
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ