bd94da06968a86ef950a0bad7e934650_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd94da06968a86ef950a0bad7e934650_JaffaCakes118
Size

937KB
MD5

bd94da06968a86ef950a0bad7e934650
SHA1

3d3da8445b69787e0d44d90b5a89fd24972ad32d
SHA256

0d34d1973712cf8cca2c8e7a9c83ae88f6f6013c4dd79b774648f3edc188fd20
SHA512

e243568e5d840450e0505af1a9a90063cd8a0f3f3193b5d045ad6547b7102198206b1c846fa21459c7847b4dc193594867c882a69a3a37d27a226705a1954057
SSDEEP

12288:i8JkKEuKjTNc8CR4+CzEKKSwJ4iOoyqlLTSODD1x6TR1DHRbUQLPIBL3gQ1xABOF:iqkKjDR3CzEzSwJ4ppqlv/WHFCQZlq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd94da06968a86ef950a0bad7e934650_JaffaCakes118

Files

bd94da06968a86ef950a0bad7e934650_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$14Jpeg@TJPEGData
@$xp$15Jpeg@TJPEGImage
@$xp$15Jpeg@TJPEGScale
@$xp$21Jpeg@TJPEGPerformance
@$xp$21Jpeg@TJPEGPixelFormat
@$xp$22Jpeg@TJPEGQualityRange
@@Cimage@Finalize
@@Cimage@Initialize
@@Filemapping@Finalize
@@Filemapping@Initialize
@@Formmain@Finalize
@@Formmain@Initialize
@@Httpexchange@Finalize
@@Httpexchange@Initialize
@@Shotdownpc_form@Finalize
@@Shotdownpc_form@Initialize
@@Thread_getnewversion@Finalize
@@Thread_getnewversion@Initialize
@Jconsts@Finalization$qqrv
@Jconsts@_sChangeJPGSize
@Jconsts@_sJPEGError
@Jconsts@_sJPEGImageFile
@Jconsts@initialization$qqrv
@Jpeg@Finalization$qqrv
@Jpeg@JPEGDefaults
@Jpeg@TJPEGData@
@Jpeg@TJPEGData@$bdtr$qqrv
@Jpeg@TJPEGData@FreeHandle$qqrv
@Jpeg@TJPEGImage@
@Jpeg@TJPEGImage@$bctr$qqrv
@Jpeg@TJPEGImage@$bdtr$qqrv
@Jpeg@TJPEGImage@Assign$qqrp19Classes@TPersistent
@Jpeg@TJPEGImage@AssignTo$qqrp19Classes@TPersistent
@Jpeg@TJPEGImage@CalcOutputDimensions$qqrv
@Jpeg@TJPEGImage@Changed$qqrp14System@TObject
@Jpeg@TJPEGImage@Compress$qqrv
@Jpeg@TJPEGImage@DIBNeeded$qqrv
@Jpeg@TJPEGImage@Draw$qqrp16Graphics@TCanvasrx11Types@TRect
@Jpeg@TJPEGImage@Equals$qqrp17Graphics@TGraphic
@Jpeg@TJPEGImage@FreeBitmap$qqrv
@Jpeg@TJPEGImage@GetBitmap$qqrv
@Jpeg@TJPEGImage@GetEmpty$qqrv
@Jpeg@TJPEGImage@GetGrayscale$qqrv
@Jpeg@TJPEGImage@GetHeight$qqrv
@Jpeg@TJPEGImage@GetPalette$qqrv
@Jpeg@TJPEGImage@GetWidth$qqrv
@Jpeg@TJPEGImage@JPEGNeeded$qqrv
@Jpeg@TJPEGImage@LoadFromClipboardFormat$qqrusuiui
@Jpeg@TJPEGImage@LoadFromStream$qqrp15Classes@TStream
@Jpeg@TJPEGImage@NewBitmap$qqrv
@Jpeg@TJPEGImage@NewImage$qqrv
@Jpeg@TJPEGImage@ReadData$qqrp15Classes@TStream
@Jpeg@TJPEGImage@ReadStream$qqrip15Classes@TStream
@Jpeg@TJPEGImage@SaveToClipboardFormat$qqrrusruit2
@Jpeg@TJPEGImage@SaveToStream$qqrp15Classes@TStream
@Jpeg@TJPEGImage@SetGrayscale$qqro
@Jpeg@TJPEGImage@SetHeight$qqri
@Jpeg@TJPEGImage@SetPalette$qqrui
@Jpeg@TJPEGImage@SetPerformance$qqr21Jpeg@TJPEGPerformance
@Jpeg@TJPEGImage@SetPixelFormat$qqr21Jpeg@TJPEGPixelFormat
@Jpeg@TJPEGImage@SetScale$qqr15Jpeg@TJPEGScale
@Jpeg@TJPEGImage@SetSmoothing$qqro
@Jpeg@TJPEGImage@SetWidth$qqri
@Jpeg@TJPEGImage@WriteData$qqrp15Classes@TStream
@Jpeg@initialization$qqrv
_AboutBox
_FormShotdownPC
_MainForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

Size: 474KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 432KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 474KB - Virtual size: 1.1MB

.rsrc Size: 26KB - Virtual size: 120KB

.idata Size: 512B - Virtual size: 4KB

Themida Size: 432KB - Virtual size: 1.0MB

.rsrc
Size: 26KB - Virtual size: 120KB

.idata
Size: 512B - Virtual size: 4KB

Themida
Size: 432KB - Virtual size: 1.0MB