8aa3dd27e5aab7039f975ec54219a53f_JaffaCakes118 | Triage

Sharing

General

Target

8aa3dd27e5aab7039f975ec54219a53f_JaffaCakes118
Size

3.8MB
MD5

8aa3dd27e5aab7039f975ec54219a53f
SHA1

99275e68dcfc187d1784a67d2811885ce1286431
SHA256

ac0dab846ee64143046cf13afd4c2c2ddc5876409809bf9e03092ed75c80e7b7
SHA512

0ffbe8142706a0d39d6eebd4d7ddb63ca7f05d876b96aee493673b36f7c2cdef9ecf7c1faca4abff551720b1d2c8a630b6cd3916de5bdf99a827f2a67a00c222
SSDEEP

49152:G49EPufPP8y8qZbC64+08Tkl7bBCznvH0H456SKKpUrgCJSYgBzun:G40YPPFBC64+0amBCzvS6ZEgCYBza

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8aa3dd27e5aab7039f975ec54219a53f_JaffaCakes118

Files

8aa3dd27e5aab7039f975ec54219a53f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ