Behavioral task
behavioral1
Sample
a03e9d78a3f0a89f5e9f98872635b6d8.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
a03e9d78a3f0a89f5e9f98872635b6d8.exe
Resource
win10v2004-20220721-en
General
Target
a03e9d78a3f0a89f5e9f98872635b6d8.exe
Size
512KB
MD5
256592d1a5f1973239e66c254eaa40c3
SHA1
f1b1a3c5f86f9a700fe7cd981db560b67214ea39
SHA256
65a9ca928f105eff81b33003ff3fa3eb1e5c991eecb949f6f19bf02523079593
SHA512
05593dd60b3f4ce65f459d4a4f2d1a5f7853b0dbc6697612c9321119c9720b3fa963c0b3ad6d664b2c544919889f09a2bad370aa5c71830500a02625ec67b4d9
SSDEEP
6144:KwgK/ovldgYzGiARK+HNiG0t2mCQASUB4itCU5pMVyN90lEOjgJb6SkEvqE:rgZl5GTK+HNikJw4pMy90jKt
Malware Config
Signatures
Processes:
resource yara_rule sample themida
Files
a03e9d78a3f0a89f5e9f98872635b6d8.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 14KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 318B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 354B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 199KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE