b46b988f9202786b0a161250fddb8ead_JaffaCakes118 | Triage

Sharing

General

Target

b46b988f9202786b0a161250fddb8ead_JaffaCakes118
Size

160KB
MD5

b46b988f9202786b0a161250fddb8ead
SHA1

a599e0fd47a81e796000f56bfae9bbae0b4b9955
SHA256

cc242abba01a353686d8048047d50caf3284e29b34a7aa37033e719a47ede1ba
SHA512

08646ed42fd3931a5cd7312b49c4e8585c2272f5f21e66d130fb225e11dcd624663147883a3d40a45c62d8328bd6db2c8756a8a3d5390fb6c0bc5999949ad7af
SSDEEP

3072:uakV4hspM+DZRTUlCxWT0/bXhPl0MlrVP6D03KXadnRBPiILCM8:uPV4aFTIChbXhPhXioaXadvS7

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b46b988f9202786b0a161250fddb8ead_JaffaCakes118

Files

b46b988f9202786b0a161250fddb8ead_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 302KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 655KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE