Zoom[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Zoom.7z
Size

3.5MB
MD5

c5e34ba080aee04c1050a2cc09d68e9e
SHA1

72f1eba5457af3931599640fc2edd4cfda998a43
SHA256

8a3ee234b0b2e867c1e1c8e1dae85c77fc2816a836a957ea56a93f373082c4b3
SHA512

d6ea5b43abad704db5fae11c9413c4ae3e33734c6c556b1de765b325d90c9945ebbd98026f3fa329b0dfdc6d5229baf8f9a19a50e1300185c3026547b234581d
SSDEEP

98304:sVEN7ewLlUskaU7VzdCpdCI4YDMVoKnj5rK76:sKewLGsknBQph4YCfNrC6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack002/ZOOM.EXE	themida

Files

Zoom.7z
.7z
Zoom.iso
.iso
ZOOM.EXE
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 466KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE