cee9ae6d6b7adf3e5d3730b88c35c738_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cee9ae6d6b7adf3e5d3730b88c35c738_JaffaCakes118
Size

1.3MB
MD5

cee9ae6d6b7adf3e5d3730b88c35c738
SHA1

41996f523929c56d53312d272701a5995b712860
SHA256

4777299b00f3ae18d3a46b2e1a7013009c97fc5db3b7bf6e2352d73526de0a71
SHA512

319725acb2d8dd17e79a507978362bb5900f4c1228f6ed2f57594d394a94f761948b864dc03492198763657eb8c639cf9e7389f0a9ea1c03ccbeaf08bda96917
SSDEEP

24576:LqGOnbeAIqxnd40y3Ue395/bMB2XsFVTRZqiUH33xLDpSid:GPx94PUGH9s7LqLhd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cee9ae6d6b7adf3e5d3730b88c35c738_JaffaCakes118

Files

cee9ae6d6b7adf3e5d3730b88c35c738_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 337KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bhero0
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bhero1
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 624KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE