da9318111694a2c3e0fa02ca808b5eb8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da9318111694a2c3e0fa02ca808b5eb8_JaffaCakes118
Size

3.9MB
MD5

da9318111694a2c3e0fa02ca808b5eb8
SHA1

16df48f98d54d31934d3aa0d774a4bb360ab4e46
SHA256

0d54ba12acd035a931136ce780ca458342885553eb6999ea036e8e27aac5f597
SHA512

8fe62acc83b45b876c9be5c02323224c3330160ddce014026bec247069d18f0978198d93277813e4342df9070a799a21b1260e910587439ac903ec315108eab8
SSDEEP

49152:kVbVVIC64xcgFrIuTZ7eRpWqITkIqARivLzCvDw48jAJMCse9:uVVa4qQrIAZ7eRJ2qARiTzCvsNECCf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da9318111694a2c3e0fa02ca808b5eb8_JaffaCakes118

Files

da9318111694a2c3e0fa02ca808b5eb8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 137KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 585B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ