ffeae518b3f1d6a778c7eb57675ea30a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffeae518b3f1d6a778c7eb57675ea30a_JaffaCakes118
Size

1.9MB
MD5

ffeae518b3f1d6a778c7eb57675ea30a
SHA1

6ab4477a551c3b6a6da7d7132a39eb8c32bd884c
SHA256

5d74a0e71f5718a330a347380bbaf8aab921d8094dca98268409c32f754521ba
SHA512

56a4f6219b216183ab933420e40abe029d433dc5cbf0aa543114345d8dd0b61d990dd289a82151dff061091866fb54c629492597271533c4cef4431cc0f34779
SSDEEP

49152:IqOw1c4oX6lugXcr/XL0P+obGv4TGjyeZJRi0T:ew1c4oX6Igs3bobGv4K2kX

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffeae518b3f1d6a778c7eb57675ea30a_JaffaCakes118

Files

ffeae518b3f1d6a778c7eb57675ea30a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: - Virtual size: 967B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Mybr
Size: 1.4MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE