0d621ab3e2563a18b39346b60c78202e_JaffaCakes118 | Triage

Sharing

General

Target

0d621ab3e2563a18b39346b60c78202e_JaffaCakes118
Size

8.5MB
MD5

0d621ab3e2563a18b39346b60c78202e
SHA1

9885dc995835467ff7e925a0e2ad029f2d7c1e81
SHA256

a4c9d8913c3b8526f9d83601c080c458b9465ab492412783a399cd1a20b56e51
SHA512

5a85faad946b6787de25d76ae20fd0fef39fd50fe4b7469e90ce13ab4e5011a5b2e68020510408783483bf4b65185fcb98640c377e119b73700314b2f9185d41
SSDEEP

98304:a4Bq1Xftbs+DbpkQjxYBQdiQIY76dQH6CNC/Nu6OL/BRxXRZAXa3L:a4BaXftbrmlQewNl7FRZk+L

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d621ab3e2563a18b39346b60c78202e_JaffaCakes118

Files

0d621ab3e2563a18b39346b60c78202e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE