164321febb617189b961abe2ac11acb2_JaffaCakes118 | Triage

Sharing

General

Target

164321febb617189b961abe2ac11acb2_JaffaCakes118
Size

1.2MB
MD5

164321febb617189b961abe2ac11acb2
SHA1

4b5f1e116468ded4a6d7a1d16aca0f536c217613
SHA256

4c351e857208609b7a3a4076d04e786a27ae03c9a1e9f1b476d5b4241c979d93
SHA512

00850e4dec098ebf8f53d5b2c277cf23b3efc07b8363cfc4097234503cd515de070b781b12b2a5271afeff1a2fe69f497f221cd96bfdc06bec4c01dd5e7ea5a5
SSDEEP

24576:/AMXptakEWuRwaLd9D0NBQzm1XxsI85AQrV7b+fvl1j+JWZK33Fnw:/AMX/DW9ANBQzgGI85A2wvT1ZK335w

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
164321febb617189b961abe2ac11acb2_JaffaCakes118

Files

164321febb617189b961abe2ac11acb2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

CoInitialize
CoUninitialize
DllRegisterServer
DllUnregisterServer
MessageBeep
RegCloseKey
RegOpenKeyExA
SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

Sections

Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE