JaffaCakes118_bdd4eca6d82e080f8bc77754bf11743655a571cc3fdd8c7f182d23145b200ac8

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_bdd4eca6d82e080f8bc77754bf11743655a571cc3fdd8c7f182d23145b200ac8
Size

796.7MB
MD5

84fcc90b0146a0fc3c63ee830e8e9b1a
SHA1

d8150d089f8a29cbd51966c435385285ecc2d7de
SHA256

bdd4eca6d82e080f8bc77754bf11743655a571cc3fdd8c7f182d23145b200ac8
SHA512

93cc8b28ac148f4190c2e8a1e21d1a00b83e2340c38c1845d844a41ab5b01a0952d8dda0e7f9a6331a9e63b3b33d20ac41ad76eff53f580013fda1b7af93f9b9
SSDEEP

25165824:Mnnnnnnnnnnnnnnnnnpnnnnnnnnnnnnnnnnnpnnnnnnnnnnnn:Mnnnnnnnnnnnnnnnnnpnnnnnnnnnnnnp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

JaffaCakes118_bdd4eca6d82e080f8bc77754bf11743655a571cc3fdd8c7f182d23145b200ac8
.exe windows:5 windows x86 arch:x86

4cd1e85947d2b28bb72b3039bb82e4e0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:cc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11-04-2023 00:00

Not After

12-04-2026 23:59

Subject

CN=Famatech Corp.,O=Famatech Corp.,L=Road Town,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e5:01:cb:94:fb:5b:4b:36:b9:7c:71:90:c4:4b:27:0e:5b:b1:c5:01:11:50:90:d4:dd:c5:2c:a6:cb:36:b9:17
Signer

Actual PE Digest

e5:01:cb:94:fb:5b:4b:36:b9:7c:71:90:c4:4b:27:0e:5b:b1:c5:01:11:50:90:d4:dd:c5:2c:a6:cb:36:b9:17

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ReleaseDC

gdi32

GetDeviceCaps

ole32

CoCreateInstance

oleaut32

SysFreeString

netapi32

NetWkstaGetInfo

Sections

Size: - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.“.“
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.“.“
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.“.“
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.“.“
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 347KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cd1e85947d2b28bb72b3039bb82e4e0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:ccCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

e5:01:cb:94:fb:5b:4b:36:b9:7c:71:90:c4:4b:27:0e:5b:b1:c5:01:11:50:90:d4:dd:c5:2c:a6:cb:36:b9:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

netapi32

Sections

Size: - Virtual size: 361KB

Size: - Virtual size: 79KB

Size: - Virtual size: 84KB

Size: - Virtual size: 22KB

.“.“ Size: - Virtual size: 348KB

.idata Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.3MB

.boot Size: - Virtual size: 2.6MB

.“.“ Size: - Virtual size: 1.3MB

.“.“ Size: 512B - Virtual size: 468B

.“.“ Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 347KB - Virtual size: 348KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:cc
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

e5:01:cb:94:fb:5b:4b:36:b9:7c:71:90:c4:4b:27:0e:5b:b1:c5:01:11:50:90:d4:dd:c5:2c:a6:cb:36:b9:17
Signer

.“.“
Size: - Virtual size: 348KB

.idata
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: - Virtual size: 2.6MB

.“.“
Size: - Virtual size: 1.3MB

.“.“
Size: 512B - Virtual size: 468B

.“.“
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 347KB - Virtual size: 348KB