JaffaCakes118_e94b4a77d7775702b3a9202a2ded4ab1 | Triage

Sharing

General

Target

JaffaCakes118_e94b4a77d7775702b3a9202a2ded4ab1
Size

844KB
MD5

e94b4a77d7775702b3a9202a2ded4ab1
SHA1

c964d1a8536bf0e8f138d01f0d1b69a434dbfd57
SHA256

75530cfb48f1c519981821298228ff8d17c0796fc1680bd104cde2f05a503db8
SHA512

9d6236754a9f5a2e3eb0af4ea37515076c7df4fe425f01667d754112b7d5d4240761147957019e63451d2a6701163d41192aadc36cb4884e48f83829c104af1d
SSDEEP

12288:2nG3skXuxE+BnMY5FksmW8WkafuZrIOd0l+eO/QWNPQyAln1l9v:av1FksmWDj4cEs+XprAt1lp

Score

7^/10

aspackv2 themida

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e94b4a77d7775702b3a9202a2ded4ab1

Files

JaffaCakes118_e94b4a77d7775702b3a9202a2ded4ab1
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 338KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 482KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE