fdae909dc6ae092cdf245ac85736bb58_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fdae909dc6ae092cdf245ac85736bb58_JaffaCakes118
Size

5.6MB
MD5

fdae909dc6ae092cdf245ac85736bb58
SHA1

993e05e03c13dd09d1803cccbeac9fbcceb80edf
SHA256

bf8545146507eb08b898835ffbf57e2803a8111f109b16abd743f98edcc78e8b
SHA512

d6a537f4912304625271dea45757ddf67274c95cb8b97cd08ea09f18d23fecb2f37f536f548e7f3af21fa93adffac867bb0b1d8bdfb9ea8e70a54f624961c55e
SSDEEP

98304:gZHJ7Yu8jKpjR7qBsXo98HQbxFGpaFI4rhdpwLWUft6L88uPLuXoRrFUk+sbdb22:wHJUHuqBUoaHQO4FXg6L88WLuoFB+sNb

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

fdae909dc6ae092cdf245ac85736bb58_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2017, 11:49

Not After

25/07/2020, 11:49

Subject

SERIALNUMBER=CHE-113.666.835,CN=Acronis International GmbH,O=Acronis International GmbH,STREET=Rheinweg 9,L=Schaffhausen,ST=Schaffhausen,C=CH,1.3.6.1.4.1.311.60.2.1.2=#130c53636861666668617573656e,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2017, 11:49

Not After

25/07/2020, 11:49

Subject

SERIALNUMBER=CHE-113.666.835,CN=Acronis International GmbH,O=Acronis International GmbH,STREET=Rheinweg 9,L=Schaffhausen,ST=Schaffhausen,C=CH,1.3.6.1.4.1.311.60.2.1.2=#130c53636861666668617573656e,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:a7:93:70:aa:b1:bd:d9:2c:75:d0:39:03:66:af:3c:3e:ab:e2:93:c7:cb:5c:6d:de:13:23:21:c5:ff:f3:19
Signer

Actual PE Digest

ea:a7:93:70:aa:b1:bd:d9:2c:75:d0:39:03:66:af:3c:3e:ab:e2:93:c7:cb:5c:6d:de:13:23:21:c5:ff:f3:19

Digest Algorithm

sha256

PE Digest Matches

false

d9:8a:db:62:1b:34:6d:cc:f1:e0:77:dc:12:b9:63:25:a1:58:86:26
Signer

Actual PE Digest

d9:8a:db:62:1b:34:6d:cc:f1:e0:77:dc:12:b9:63:25:a1:58:86:26

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 230KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ea:a7:93:70:aa:b1:bd:d9:2c:75:d0:39:03:66:af:3c:3e:ab:e2:93:c7:cb:5c:6d:de:13:23:21:c5:ff:f3:19Signer

d9:8a:db:62:1b:34:6d:cc:f1:e0:77:dc:12:b9:63:25:a1:58:86:26Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 230KB - Virtual size: 232KB

Size: 18KB - Virtual size: 86KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 67KB - Virtual size: 67KB

.themida Size: - Virtual size: 7.4MB

.boot Size: 5.3MB - Virtual size: 5.3MB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ea:a7:93:70:aa:b1:bd:d9:2c:75:d0:39:03:66:af:3c:3e:ab:e2:93:c7:cb:5c:6d:de:13:23:21:c5:ff:f3:19
Signer

d9:8a:db:62:1b:34:6d:cc:f1:e0:77:dc:12:b9:63:25:a1:58:86:26
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 67KB - Virtual size: 67KB

.themida
Size: - Virtual size: 7.4MB

.boot
Size: 5.3MB - Virtual size: 5.3MB