JaffaCakes118_bc650b4ec3cc8038c2a9a006d9db1408 | Triage

Sharing

General

Target

JaffaCakes118_bc650b4ec3cc8038c2a9a006d9db1408
Size

2.4MB
MD5

bc650b4ec3cc8038c2a9a006d9db1408
SHA1

4e09c68b98af38f9eaafb7bed0cc4b8dfc546fc7
SHA256

92bf7a9cf9e9376e3844f039ac6b8fd577ec5de2720ae5cd17263ad179084500
SHA512

9696ded1882f06030aa97fc6309d73c8ffaba8f89a5734cc35fa0cd44e33bff74a64dfcf922387ad09bfebf61246344c80433d71b8b8b6b449811fdcd34f4c8f
SSDEEP

49152:VWymIHXSAdRxXGIgmSaVwxhB45Ox5V7JMnI6HoRlAQFe3J8PL1XErtz0:VPHHiAdrXGg2d1JMHoR83cgtz0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_bc650b4ec3cc8038c2a9a006d9db1408

Files

JaffaCakes118_bc650b4ec3cc8038c2a9a006d9db1408
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ