bfcfaff31ce009a9339273943a1f02aa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfcfaff31ce009a9339273943a1f02aa_JaffaCakes118
Size

4.9MB
MD5

bfcfaff31ce009a9339273943a1f02aa
SHA1

cd893242d13d0da07588843a00a8eed6d2bec5e2
SHA256

de34f7d77b6e2d8a79ff5a2a4eceed7395249ee6889e5f349fbd10eacc6cacfe
SHA512

7a46f25e826e53884b192ffc1cd72fcbd1d09b10ddc72d72d11705bc63425a3135f2dc7b0dad50322699bf2e6cc6c77b39ae0ddd68096ac8fe8cc42d99758cb9
SSDEEP

98304:v0AxTEiuAp4yKzf3mp3xf0vl0Hf8h5dmMQG5ruVIp3crQ+hEqQXukd4ADcItwz:nx6AGDzPmdxMv2/6dQG5ruVyMrQ+CHGN

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfcfaff31ce009a9339273943a1f02aa_JaffaCakes118

Files

bfcfaff31ce009a9339273943a1f02aa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 526KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 749B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ