JaffaCakes118_3f9c0ab12cec709afd52d0a0099e8100 | Triage

Sharing

General

Target

JaffaCakes118_3f9c0ab12cec709afd52d0a0099e8100
Size

4.7MB
MD5

3f9c0ab12cec709afd52d0a0099e8100
SHA1

6e7d14169df2775f51aa8f78ffe5f085be3fab68
SHA256

99957297e1795b4824d5f43ecdad3eba1bb0f22b631574a8ded1ca8b8c674672
SHA512

e7f1dd28febc4e2d424c987088da0b4769e4dbfe915a826023ca64f73e159019564ac57f6508ddd6dd58a2f43548cbc347614b8ccea91292fdb988e43c6abe83
SSDEEP

98304:IZuyo9KL3rXxA5o2V9Jg0gfh0hD4bi18GudhT:IuySKLTxA5oQJg0gfmhD4bi8jvT

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3f9c0ab12cec709afd52d0a0099e8100

Files

JaffaCakes118_3f9c0ab12cec709afd52d0a0099e8100
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 583B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ