b6dcea6bdd30a094abe5c364a794b6ea_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6dcea6bdd30a094abe5c364a794b6ea_JaffaCakes118
Size

2.7MB
MD5

b6dcea6bdd30a094abe5c364a794b6ea
SHA1

9e9371c3c4354417ead193ffe0f1485e51e66f93
SHA256

55a36464cc3cd9fc1083d073b887c0805f8fd4d2e5304b32cea3b0dfb7d29165
SHA512

ba3172c395218bc159ee22861b2cd3f78b42dc0c4e0f4aa5e0ac6ed28a09206ebe2cb0c7214094f89ff09e87711034109ff4ed874574d159e2e70175e35427d0
SSDEEP

24576:6+13umlSNC2X7IEKS6AHPctyJZe1R91FiqFQypkI8KJaZFwHgn2KbJnkMRpzYcUq:X13um8EaBK7AHPc7WfbJnkMLEcL/g

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6dcea6bdd30a094abe5c364a794b6ea_JaffaCakes118

Files

b6dcea6bdd30a094abe5c364a794b6ea_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

Size: 483KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 649KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE