Extracted

• • Target

    JaffaCakes118_f9b30b3125e7a08193def881a84864facbd5bfcd2f734a6652d5e7a0091f1a36

  • Size

    781.5MB

  • MD5

    3475bb2a3f5bfdc45300ba309d4d432e

  • SHA1

    82d83e5df1575ea238f8a01f803a66a2ced373b5

  • SHA256

    f9b30b3125e7a08193def881a84864facbd5bfcd2f734a6652d5e7a0091f1a36

  • SHA512

    97a242f6f3ba9b4e9382b0861a0aea919f98293b7b663631dc3632079a55604d90a8fe20c592d8334c1789c358f95f96f214242f65489ccc68177d11195931a4

  • SSDEEP

    49152:cFJo/Z4MC3PzzhdpD4auKqDrTLVO6l9ZUv7W149b4VKaItNZXj7vWkQnYva:n/Z4xDJhurTI6l9MEUb4I5tNZj7vJyYi

  Score

  10^/10

  vidar211a7d154fcc696ee9e240a38d4c9caediscoveryevasionstealerthemidatrojan

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2