e25eaf947288dd08ffa1ea8f08908028_JaffaCakes118

General

Target

e25eaf947288dd08ffa1ea8f08908028_JaffaCakes118
Size

1.6MB
MD5

e25eaf947288dd08ffa1ea8f08908028
SHA1

f8dd3b303f57b73ddf150daaf95a867a2541e857
SHA256

68056f71b88d24f72bdf5218127fa569ead83f57b65df643798d019254483a8b
SHA512

f0401d2c748d3505c6d364c01e87b23841789ce23097f2f23dea07fcbc8de905e9251ab5c75f807a482e0c90bbbb79915aa422ebaf8df3874189b244c489286d
SSDEEP

49152:8HybJExhUIr/42rPL4jEeuGEsbUyoo3BNjWu2Splm:8HgEwIRrP3Bi/o6Nau2Splm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e25eaf947288dd08ffa1ea8f08908028_JaffaCakes118

Files

e25eaf947288dd08ffa1ea8f08908028_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@@Armymedicinelist@Finalize
@@Armymedicinelist@Initialize
@@Auctionselllist@Finalize
@@Auctionselllist@Initialize
@@Config@Finalize
@@Config@Initialize
@@Foodlist@Finalize
@@Foodlist@Initialize
@@Game@Finalize
@@Game@Initialize
@@Grocerieslist@Finalize
@@Grocerieslist@Initialize
@@Ibshopbuylist@Finalize
@@Ibshopbuylist@Initialize
@@Itemdepositlist@Finalize
@@Itemdepositlist@Initialize
@@Itemfilterlist@Finalize
@@Itemfilterlist@Initialize
@@Itemmakelist@Finalize
@@Itemmakelist@Initialize
@@Itemselllist@Finalize
@@Itemselllist@Initialize
@@Itemuselist@Finalize
@@Itemuselist@Initialize
@@Medicinelist@Finalize
@@Medicinelist@Initialize
@@Npcattacklist@Finalize
@@Npcattacklist@Initialize
@@Npcblacklist@Finalize
@@Npcblacklist@Initialize
@@Picklist@Finalize
@@Picklist@Initialize
@@Sendmaillist@Finalize
@@Sendmaillist@Initialize
@@Ui@Finalize
@@Ui@Initialize
@@Wantedmedicinelist@Finalize
@@Wantedmedicinelist@Initialize
_ArmyMedicineListForm
_AuctionSellListForm
_ConfigForm
_FoodListForm
_GroceriesListForm
_IbShopBuyListForm
_ItemDepositListForm
_ItemFilterListForm
_ItemMakeListForm
_ItemSellListForm
_ItemUseListForm
_MainForm
_MedicineListForm
_NpcAttackListForm
_NpcBlackListForm
_PickListForm
_SendMailListForm
_WantedMedicineListForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

Size: 839KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 676KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 839KB - Virtual size: 2.4MB

.rsrc Size: 83KB - Virtual size: 912KB

.idata Size: 512B - Virtual size: 4KB

Themida Size: 676KB - Virtual size: 1.4MB

.rsrc
Size: 83KB - Virtual size: 912KB

.idata
Size: 512B - Virtual size: 4KB

Themida
Size: 676KB - Virtual size: 1.4MB