JaffaCakes118_a8599b9ee6ab5e391788b7e8f183a858 | Triage

Sharing

General

Target

JaffaCakes118_a8599b9ee6ab5e391788b7e8f183a858
Size

3.0MB
MD5

a8599b9ee6ab5e391788b7e8f183a858
SHA1

d01e832effb7eca779d5387b139925a69fa5f07b
SHA256

00d617e50b3665427f5558404dbaeaac2b55b8413c75ef2e054e532d1d240270
SHA512

cac68e88da9b7f248236678a858d930f1f02b1534d5fc0b1d197fa36540d4b6d74571180c07b0c59cf0356d2951dae4d5dd3a7158a4fe1bb50fa8d7929d239ba
SSDEEP

49152:K94vrZ5XjXmuvZ/vT5A+kCT3dLRI/l4+txZty1GHY+ExwvfZI3kEN5CJfFFIpe:2ofzmuhHTAChFINJQ128wnO3V5WfF6pe

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a8599b9ee6ab5e391788b7e8f183a858

Files

JaffaCakes118_a8599b9ee6ab5e391788b7e8f183a858
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 82KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 688B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ