14b207c70efb1ae561b29aab867fdfa5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14b207c70efb1ae561b29aab867fdfa5_JaffaCakes118
Size

905KB
MD5

14b207c70efb1ae561b29aab867fdfa5
SHA1

bf920ab4487166da5d9cfc0f6a431dd999a4aafe
SHA256

b3982450ce019ecbb89c1ea1de8278ee82ad376c6368c6d29b59c7212336dfd8
SHA512

502dff4e3e6bfb40fec56e5bc5f52aa9ea661edb487c5f228d27e891b8e4bf9371122f6d3b040f67070c8636d12602e4a217e7070b6c8519367d4201074f871e
SSDEEP

24576:FoCduJHDRw01DAxSHM2S2+VTeKiU4fCckoPS:6CIHVzdM2S2+VTfnc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14b207c70efb1ae561b29aab867fdfa5_JaffaCakes118

Files

14b207c70efb1ae561b29aab867fdfa5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CRsdEngine@@QAE@ABV0@@Z
??0CRsdEngine@@QAE@XZ
??1CRsdEngine@@UAE@XZ
??4CRsdEngine@@QAEAAV0@ABV0@@Z
??_7CRsdEngine@@6B@
?Bound_Point@CRsdEngine@@QAEXQAY0CA@E0000@Z
?Bound_Tracking@CRsdEngine@@QAEXQAY0CA@EQAY0CA@UtagFDIRECT@@@Z
?InitOCR@CRsdEngine@@QAEHXZ
?LinearNormalize@CRsdEngine@@AAEXPAEHHQAY0CA@E@Z
?LoadDic@CRsdEngine@@AAEHXZ
?Plove_Feature@CRsdEngine@@QAEXQAY0CA@EQAY0CA@UtagFDIRECT@@PAM0000@Z
?RecogAuth@CRsdEngine@@QAEHPAHPAEHHH@Z
?RecogLetter@CRsdEngine@@AAEXPAEHHHPAGPAHPAM@Z

Sections

Size: 109KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 621KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE