JaffaCakes118_86dadeb6a6e837335c4c735ad8eda03fa66ca318ca50061dec33bb8349fad89a

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_86dadeb6a6e837335c4c735ad8eda03fa66ca318ca50061dec33bb8349fad89a
Size

2.8MB
MD5

8b3917b689351ec05afe821bda3b36c7
SHA1

8c34a26744b7bdc531a4eb37576fe97231430fc6
SHA256

86dadeb6a6e837335c4c735ad8eda03fa66ca318ca50061dec33bb8349fad89a
SHA512

c06d4b2394f065add581eb24f6944780c4ca400eae85c2172a54d75d4a2bf83aa8626f2c162fe2057ec696beac02e45be2f0a82c8ac9fc6df835e39f4385cd51
SSDEEP

49152:KsBGq40J7zc2/Owc+QOBTBWR7cMwbxEOW8CRptjOboXYyQrT8tDyhmi32DgRI03y:KOGmJ7g2/OwcdIBW9OW8Cftj8yYmiG8e

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/e6b0f81a947b7de134379b5be6827e5277fbdaedc9067654062ed94b0dd2aefd	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e6b0f81a947b7de134379b5be6827e5277fbdaedc9067654062ed94b0dd2aefd

Files

JaffaCakes118_86dadeb6a6e837335c4c735ad8eda03fa66ca318ca50061dec33bb8349fad89a
.zip
e6b0f81a947b7de134379b5be6827e5277fbdaedc9067654062ed94b0dd2aefd
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 185KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 777B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 308B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 185KB - Virtual size: 330KB

Size: 41KB - Virtual size: 91KB

Size: 777B - Virtual size: 15KB

Size: 9B - Virtual size: 9B

Size: 308B - Virtual size: 560B

Size: 5KB - Virtual size: 18KB

Size: 11KB - Virtual size: 14KB

.imports Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 17KB

.themida Size: - Virtual size: 4.1MB

.boot Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 17KB

.themida
Size: - Virtual size: 4.1MB

.boot
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 16B - Virtual size: 4KB