eec72c56205133a14653f20495a0d300_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eec72c56205133a14653f20495a0d300_JaffaCakes118
Size

3.0MB
MD5

eec72c56205133a14653f20495a0d300
SHA1

8fb340c3d07222a67bdbdbe97775ae5f00f7ba83
SHA256

666800a5ce4cae04d7a3dc47c9db69678c116b4f660aacbb3514456620b0cb9c
SHA512

3542f068811d0754a75eba4f42b300b7085aa21d9e45ad1e36fdff15fc3d89df704f9e7dc73a235137d49d3261bf84f7676870092d262234e9d9928c1311320d
SSDEEP

49152:ECPBfg6jcmAIg3dAmIg8PpnQNiyjEWo2nJkJJk+saeYObJPsPDhzpi8eJ1:E+SmAjtARnQNiMNrJkJOanOdPODZQ8eP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

eec72c56205133a14653f20495a0d300_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:c8:44:fc:76:05:6d:d6:92:6c:c0:e8:42:0d:db:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/08/2020, 00:00

Not After

18/08/2023, 12:00

Subject

CN=Dash Core Group Inc.,O=Dash Core Group Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:f2:e9:9f:d8:10:01:38:b0:c3:b9:f3:a5:6a:4e:26:48:bf:27:17
Signer

Actual PE Digest

52:f2:e9:9f:d8:10:01:38:b0:c3:b9:f3:a5:6a:4e:26:48:bf:27:17

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 81KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 911KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:c8:44:fc:76:05:6d:d6:92:6c:c0:e8:42:0d:db:74Certificate

Extended Key Usages

Key Usages

52:f2:e9:9f:d8:10:01:38:b0:c3:b9:f3:a5:6a:4e:26:48:bf:27:17Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 81KB - Virtual size: 208KB

.rsrc Size: 911KB - Virtual size: 911KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 4.7MB

.boot Size: 2.0MB - Virtual size: 2.0MB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:c8:44:fc:76:05:6d:d6:92:6c:c0:e8:42:0d:db:74
Certificate

52:f2:e9:9f:d8:10:01:38:b0:c3:b9:f3:a5:6a:4e:26:48:bf:27:17
Signer

.rsrc
Size: 911KB - Virtual size: 911KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: 2.0MB - Virtual size: 2.0MB