Static task
static1
Behavioral task
behavioral1
Sample
ee0f6009d040280e5b70a11f597faae5.exe
Resource
win7-en-20211208
General
-
Target
ee0f6009d040280e5b70a11f597faae5
-
Size
3.4MB
-
MD5
ee0f6009d040280e5b70a11f597faae5
-
SHA1
04153d81ab5b38e70525120815ed67b41e33610b
-
SHA256
cb83f7793fb45301ea771d25d9b47f50e00e9a0b2faf41f483dac3be63eeb15d
-
SHA512
076e60218db84bf8a97522024b307b1e9c8a7709a9b9dd758103bcb2be4f5c48a046027087c2b8dbaeaea8879ebffbc0a08ded9940a42213a405b0563610b447
-
SSDEEP
98304:2ELnBxEYMvStc9Hratr+ARGdee0bSQqpOT35:NnxyJwLRGbhsT35
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida
Files
-
ee0f6009d040280e5b70a11f597faae5.exe windows x64
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 44KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 21KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ