JaffaCakes118_28cb1b27ba59327cb63b98374310cb15 | Triage

Sharing

General

Target

JaffaCakes118_28cb1b27ba59327cb63b98374310cb15
Size

1.9MB
MD5

28cb1b27ba59327cb63b98374310cb15
SHA1

12bc50238c6f0974c70f91d50f9a380a61d81d63
SHA256

4c53160d026ec1723dd5178ff5ae31d194dd96d9264d8047bf28e9ee27dab183
SHA512

5cae9beffd22215ad9489bda2d742ed47b8cad6a3d14ba79b20dc7024bde2faa881887163e10661e556fc90b2455209a59a214da5a74077b582450b4fbd5fdf5
SSDEEP

24576:JQgPK5BP+BoCLxjJr8/4vLudZ4UnDRIXnO+THFVli5kmIkYXBInLjo/Tq1i3RfJB:JQgPKbY0/qmZ4Und6DkmmIkQz/TqGCuT

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_28cb1b27ba59327cb63b98374310cb15

Files

JaffaCakes118_28cb1b27ba59327cb63b98374310cb15
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 193KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 33KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ