dpeditorexe[.]zip | Triage

Sharing

General

Target

dpeditorexe.zip
Size

2.6MB
MD5

fe6fda0fe2f701f708440cef88e319a5
SHA1

dc5d9dc56ed372312bbd6c49bb5b1f387d3249a7
SHA256

9c4a74d7c7b7427e158c569a0bbac64b8828be8f02c57f39db5703864d4cb3e7
SHA512

231208947bc81e1236545e4fbfe49328c9c410250355d86e6ff09eb1a1f76566f1cd77f39505056f6d237fdad0f1a61763b73c2a50377a4980240f3acf8dbe37
SSDEEP

49152:FjoqaTRk6fMek5Xx5cmPudbWIvPV/1RxAIHegJ1Lf8Sjnh2hgDDgt5AaTI5d:WTR1fMe2ckudbWI3VNRxAIfJqU2KcAUI

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
static1/unpack001/1126afb8beb2053a892e2c330efaa88163da3079b208b1b74d12bb7454b3371f.bin	themida

Files

dpeditorexe.zip
.zip

Password: infected
1126afb8beb2053a892e2c330efaa88163da3079b208b1b74d12bb7454b3371f.bin
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 94KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ