cde4ca1cb92889590d0841ecfa485717_JaffaCakes118 | Triage

Sharing

General

Target

cde4ca1cb92889590d0841ecfa485717_JaffaCakes118
Size

1.4MB
MD5

cde4ca1cb92889590d0841ecfa485717
SHA1

ba484d842942bbe741e073d1e9ebf6c6b03fbccb
SHA256

972272095dfe883ea755e86b2daa6318a4f6a898fc8373b6b0ca0b4ae4c2d0af
SHA512

bdbfa3161b2a1fdfe66652f8cd133e3ed52a457f5c408b81ef773aa4ae6bd84988c420407aa339282f3789f284e845cc7e70591149ac4cd47d93d7f8899130d7
SSDEEP

24576:lux0Mymnqwex2CVA2OaYr//r5thtsz+0u7T537b8NvVc5w:wuqnOx28OaYzdthtsUl7b2h

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cde4ca1cb92889590d0841ecfa485717_JaffaCakes118

Files

cde4ca1cb92889590d0841ecfa485717_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE