cf2c7ab19e48c3d541ee24eb070f0da7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf2c7ab19e48c3d541ee24eb070f0da7_JaffaCakes118
Size

3.5MB
MD5

cf2c7ab19e48c3d541ee24eb070f0da7
SHA1

c8e8eb4f13482d86de16166a48032222fae5d2a9
SHA256

2973da226d293a03760d0c105cce31d677e59ac7f0337d36e85d1e6ccdeca95e
SHA512

8fdaca0d812b83765c3e04251bb430ab32835c202ade1728f4fb7d766a58e76667deadc37fdc31ba8bba30b7f3169bc793250969674c58c45851bf117006e343
SSDEEP

98304:/t8txjUHsBacsj8ZM6rf5YCF4akwhNhIMMMZMMM:/t8LAsBZfZM6jZFlNh

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf2c7ab19e48c3d541ee24eb070f0da7_JaffaCakes118

Files

cf2c7ab19e48c3d541ee24eb070f0da7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.5MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 952KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hhqg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE