f71ede55874af4698c12ae449b428860_JaffaCakes118 | Triage

Sharing

General

Target

f71ede55874af4698c12ae449b428860_JaffaCakes118
Size

4.1MB
MD5

f71ede55874af4698c12ae449b428860
SHA1

77770e8de8d7c88f06aa3b7ce8d912d2c0dc40ec
SHA256

19842decdb7cc2e564d09efd2b3c87d6a4a4933291b2e1200f09efa91f648492
SHA512

82092816dea849974058da11001af6e4d16ecb4d7ac1847ebc3d55a7ccd6a49884bfdcffcadef4ec6b79e909dbb8045903ff8869608cc4a3ac597e7f71f107e4
SSDEEP

49152:Lz2vYuBBuTKQiJWmdF97X2jfCsHe8fAIwgw4lAAx9BhmDnAchTuXCIv4E589/DJO:H2ET0bX21He8fAIwgw4lAAx9BhmMdL3Z

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f71ede55874af4698c12ae449b428860_JaffaCakes118

Files

f71ede55874af4698c12ae449b428860_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

Size: 20KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.4MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE