b34a49ee6ebcc4330e23b07fb1ee6a6c_JaffaCakes118 | Triage

Sharing

General

Target

b34a49ee6ebcc4330e23b07fb1ee6a6c_JaffaCakes118
Size

1.3MB
MD5

b34a49ee6ebcc4330e23b07fb1ee6a6c
SHA1

9fd319f266c74b1537b89c287f1b216f4ebc0432
SHA256

e00b8ed590913eee9d63aef4f921386b858f8c7f6f18290eac4d62c230301091
SHA512

19f73165e555304126cda82b56c21f669891a0722911ef7b9fea52a9c6c85e336cb5382db99a187adaf6fd8d2316034cde85b873d3f001db91046d8f79e8e1b2
SSDEEP

24576:PgtWez4ana9oWYqz0rxiFbHKiiLaJR5F5LBcc3ei0OTxnhKygk8s1ByiUE4ky:N04k7qzA0JTiLa1F5KjJsC9Gy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b34a49ee6ebcc4330e23b07fb1ee6a6c_JaffaCakes118

Files

b34a49ee6ebcc4330e23b07fb1ee6a6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE