3aceca447c4ed2cb76fd187284f1b3a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3aceca447c4ed2cb76fd187284f1b3a4_JaffaCakes118
Size

7.5MB
MD5

3aceca447c4ed2cb76fd187284f1b3a4
SHA1

64695ad207e7f2fcb4c8bc6db04fda2b44c62e7f
SHA256

72e9bb7474df62bf96261bb463b62c3918c6a97a189f730165fe13d4546098e9
SHA512

f7702b5d855e6170a88aa810847d8158b757f493d5842c710ff38a27b8efcb1cc8814a3b550623707297f2e3a7b8bebc9f8d57dbcb25358a2b27cee54e69d701
SSDEEP

98304:MHitiby/VhoxNC6sYrlwLEhAyjU1ydeyA0cJPm9vfVPJrDP6CW:MCtTVhqCmmEhkb6xrz6J

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

3aceca447c4ed2cb76fd187284f1b3a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

77:23:8c:a0:2c:d7:e5:8c:4b:de:af:89:f8:bc:0a:6e
Certificate

Issuer

CN=Paradoxoft CA

Not Before

08/08/2010, 19:40

Not After

08/08/2020, 19:50

Subject

CN=Paradoxoft CA

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:b8:ea:be:00:00:00:00:00:04
Certificate

Issuer

CN=Paradoxoft CA

Not Before

08/08/2010, 23:12

Not After

08/08/2011, 23:22

Subject

CN=HeavenStory Client,O=HeavenStory

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

83:46:85:41:ed:27:05:d4:e1:6e:46:b0:06:75:72:72:1d:96:15:ec
Signer

Actual PE Digest

83:46:85:41:ed:27:05:d4:e1:6e:46:b0:06:75:72:72:1d:96:15:ec

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

77:23:8c:a0:2c:d7:e5:8c:4b:de:af:89:f8:bc:0a:6eCertificate

Key Usages

61:b8:ea:be:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

83:46:85:41:ed:27:05:d4:e1:6e:46:b0:06:75:72:72:1d:96:15:ecSigner

Headers

File Characteristics

Exports

Exports

Sections

Size: 5.5MB - Virtual size: 5.5MB

.rsrc Size: 548KB - Virtual size: 548KB

.idata Size: 4KB - Virtual size: 4KB

Themida Size: 1.5MB - Virtual size: 1.5MB

.mackt Size: 8KB - Virtual size: 8KB

77:23:8c:a0:2c:d7:e5:8c:4b:de:af:89:f8:bc:0a:6e
Certificate

61:b8:ea:be:00:00:00:00:00:04
Certificate

83:46:85:41:ed:27:05:d4:e1:6e:46:b0:06:75:72:72:1d:96:15:ec
Signer

.rsrc
Size: 548KB - Virtual size: 548KB

.idata
Size: 4KB - Virtual size: 4KB

Themida
Size: 1.5MB - Virtual size: 1.5MB

.mackt
Size: 8KB - Virtual size: 8KB