cf0aa3d9100de291c57baa845251b3cd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf0aa3d9100de291c57baa845251b3cd_JaffaCakes118
Size

1.3MB
MD5

cf0aa3d9100de291c57baa845251b3cd
SHA1

ef54bddc69fa3a2838cdeb623d7f8774554c44af
SHA256

5e56041d94caf895f9d3c7a5b7c8c6b0382788252b5261020875bdd27be641af
SHA512

198f6e45bf05b3545b1458bf3e49d230c244d7fcd5a8957116fe592de9a27c77896342509ec20232d5df5773a0fed8dc8d48e3198d1e24c4e735a409cf105075
SSDEEP

24576:g1Hbj2ietlp3kum3CXiubaH7DvEj2CZ+E9O4eU349ttl8aB8lQhmjIYN2s2flICe:g17jolp3TZbEX1CQAWH8lawksAMH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf0aa3d9100de291c57baa845251b3cd_JaffaCakes118

Files

cf0aa3d9100de291c57baa845251b3cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE