c15a34f4a416bd5e37575a1ac2d013c9_JaffaCakes118 | Triage

Sharing

General

Target

c15a34f4a416bd5e37575a1ac2d013c9_JaffaCakes118
Size

1.8MB
MD5

c15a34f4a416bd5e37575a1ac2d013c9
SHA1

70857e856bb17deafa260c0db298137cb55873c5
SHA256

18efcaf65d07160fd0dc967c8303946981aad1a1ca5c6ad9ee5815c34cacde0e
SHA512

d81d4f1ba77bc07590641697c135290a07d6b8895e081d06134a9cdd13d42d0b295b3ef0aa7fd576d51b60d062ccab9119fecdbd1afe5e01684a1cff8f58804f
SSDEEP

24576:rT7AC5h5fd9D0mzmjC0ejRBqkYAqYh+GcJTAigI3OE9ORXKu/2RYIe2KyWeu+u2I:jAS7fQRCD3dfwGA3gqOmc2RLe2anoGb

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
c15a34f4a416bd5e37575a1ac2d013c9_JaffaCakes118

Files

c15a34f4a416bd5e37575a1ac2d013c9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 191KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 33KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ