dbcb1f45f157b890dfc02c905ad32306_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dbcb1f45f157b890dfc02c905ad32306_JaffaCakes118
Size

972KB
MD5

dbcb1f45f157b890dfc02c905ad32306
SHA1

46f3194d2225ce57474b7a792a88f032e81159a2
SHA256

444d548715ac0b7e8d4a2160dfbd582cff1841e5c7062a8311e4cfe04593ccb8
SHA512

4f60b171aae698fd575c62d6e4c07f705a3ec539363989b196854be0488504ee9542df887b396352312b843d5690a689d300dd0b57e1270f5257e951f819c0de
SSDEEP

24576:oyiV7+pEtyHCfHgZbDCedjY+rnH0ah1lH5LBSCVAlibSIOe:3lpEMcg5jY+rNPNBVtbSIOe

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbcb1f45f157b890dfc02c905ad32306_JaffaCakes118

Files

dbcb1f45f157b890dfc02c905ad32306_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2fd6542cee63ed49aa06393da6a01f4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1168

msvcrt

__set_app_type

kernel32

LoadLibraryA
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

EnableWindow
MessageBoxA

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida0
Size: - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida1
Size: - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida2
Size: 512KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ