Zoom[.]iso | Triage

Sharing

General

Target

Zoom.iso
Size

256.0MB
MD5

d47a45d25ce3ab24cffffbb389d3fb46
SHA1

0c1bc7f0b8a944b921ba688c98d1070e014b3a78
SHA256

7436f6600a22e92bcae60ec78335ac8a3306f33c9ba6133649024a95f393e394
SHA512

834200e0c8a843047c58f9eabb497295fb18bdbc152b4961f3d7f829f3b57139af9aa5011c9adde4c7c5d42c8fd274aa51ee2273eafe04751500d0072d50233a
SSDEEP

98304:qoYnMjGCGOXft+ktOuI9+W3Kp6E+WroakdQeiq+D6pUonqD:qoYnMaZOXf0ksJop6JWrvkriqfUt

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/ZOOM.EXE	themida

Files

Zoom.iso
.iso
ZOOM.EXE
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 466KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE