b0008eb8c26f5060ae76c8e296e53119_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0008eb8c26f5060ae76c8e296e53119_JaffaCakes118
Size

2.3MB
MD5

b0008eb8c26f5060ae76c8e296e53119
SHA1

aac45d8d0e907369d5762aeb8f49f1cae33e7854
SHA256

e50642baac45a6ca086ad2291a3a02f7fa3622ed3cfe42d5a0c412b85b7aa8f3
SHA512

c97e934344a1980af22143da184055e88e56402b542d6ed17e4099491dacd9cb8bc830b25d55ab4ceb5d51b4ff3ff024d47687fb6988d35953b00de9b65c173b
SSDEEP

49152:EGW09rcYmDydtZh5eTtPvApbXN/k03cBP/at7ZMBm2wvxcovzpo:H2BydtrStwxJ3S/akm2wZcovzpo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/v0.1-patch/main.exe	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v0.1-patch/AntiHack.dll
unpack001/v0.1-patch/Splash/Splash.exe
unpack001/v0.1-patch/main.exe

Files

b0008eb8c26f5060ae76c8e296e53119_JaffaCakes118
.rar
v0.1-patch/AntiHack.dll
.dll windows:5 windows x86 arch:x86

de04c6b350537332c441f5a15d04b7f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

kernel32

GlobalFlags
LoadLibraryA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
CreateFileA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GetLocaleInfoA
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
VirtualAlloc
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
GetCurrentThreadId
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
CompareStringA
lstrcmpA
GlobalGetAtomNameA
GetModuleFileNameA
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
CreateThread
GetCurrentProcess
GetProcAddress
GetVersionExA
TerminateProcess
CreateProcessA
GetModuleHandleA
Sleep
GetCurrentProcessId
GetWindowsDirectoryA
Module32First
ReadProcessMemory
OpenProcess
Process32First
CloseHandle
ExitProcess
Process32Next
CreateToolhelp32Snapshot

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
EnableMenuItem
CheckMenuItem
SetWindowPos
GetDlgItem
GetFocus
ClientToScreen
GetDlgCtrlID
GetWindowRect
PtInRect
MessageBoxA
FindWindowA
GetParent
GetWindowThreadProcessId
SetWindowTextA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
UnhookWindowsHookEx
LoadCursorA
GetWindowTextA
GetClassNameA
GetWindow
IsWindow
SendMessageA
AnimateWindow
WindowFromPoint
GetWindowLongA
EnumChildWindows
GetDC
SetWindowLongA
LockWindowUpdate
DestroyMenu
PostQuitMessage
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ModifyMenuA

gdi32

GetStockObject
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetMapMode
Rectangle
TextOutA
DeleteDC
ScaleViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
DeleteObject
GetDeviceCaps
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
RectVisible
PtVisible

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v0.1-patch/Splash/Splash.exe
.exe windows:4 windows x86 arch:x86

83049966475b88282015d0fbd4c217f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
v0.1-patch/main.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.5MB - Virtual size: 126.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LibHook
Size: 573B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 645KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de04c6b350537332c441f5a15d04b7f5

Headers

File Characteristics

Imports

psapi

kernel32

user32

gdi32

advapi32

oleacc

winspool.drv

oleaut32

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 13KB - Virtual size: 27KB

.reloc Size: 27KB - Virtual size: 27KB

83049966475b88282015d0fbd4c217f3

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 44KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Sections

Size: 1.5MB - Virtual size: 126.5MB

.rsrc Size: 3KB - Virtual size: 8KB

.LibHook Size: 573B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

Themida Size: 645KB - Virtual size: 1.4MB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 13KB - Virtual size: 27KB

.reloc
Size: 27KB - Virtual size: 27KB

.text
Size: 44KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 8KB

.LibHook
Size: 573B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

Themida
Size: 645KB - Virtual size: 1.4MB