d6ac4f52ad41f473bd49a68319baca64_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6ac4f52ad41f473bd49a68319baca64_JaffaCakes118
Size

7.6MB
MD5

d6ac4f52ad41f473bd49a68319baca64
SHA1

e9d7164168e6820b6973e99781f6427fe1458a40
SHA256

dcd875e006c7bf99776342e608f3047a9c1ffb94dfc2c420728d75025c62c146
SHA512

303392466f68bb3fe67b40b6457021de326859159814b159edf255c7da55650d7edd9c4c994e7b6f4edfb4aa248612234fac4b4f3a11b2cc8d8cf632f96256af
SSDEEP

98304:DoN79TYGsD62USHaQUtq3pFCyUIuBhdtal8WGrfXsuwb:Ds7pYGrd3tlrhSarPs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6ac4f52ad41f473bd49a68319baca64_JaffaCakes118

Files

d6ac4f52ad41f473bd49a68319baca64_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE