JaffaCakes118_a7940ae06093e34ee0df817c8e2812b5 | Triage

Sharing

General

Target

JaffaCakes118_a7940ae06093e34ee0df817c8e2812b5
Size

3.1MB
MD5

a7940ae06093e34ee0df817c8e2812b5
SHA1

de1bd723226d6710fa89eb58498a4780cb90f9e2
SHA256

6c0092d6659a16980d2a231b692ffad9d0f09b4a5888f8fdd8443aa104d7a584
SHA512

fa4640c0874cf423a2eeab26497575175c50a62e6eb2bc65327eca4036f97ab509d41304563a59674b482138bc21ceab3b8534bf583e7eedf56335ab985a8c05
SSDEEP

98304:DkUk5Eg2SFj0PA35wbKPWdK748QOKRg6QZDCFByDU:DW5P2SFVSG1E8QOK+6QZDFU

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a7940ae06093e34ee0df817c8e2812b5

Files

JaffaCakes118_a7940ae06093e34ee0df817c8e2812b5
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 40KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 581B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ