8488830880[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

8488830880.zip
Size

5.6MB
MD5

d78be2805949220d0445ba8afad30b10
SHA1

6d34fcb5f25ca7c450b43bf75e8b32088600a0fa
SHA256

fe969a76931916543135b86299ba3211693c10a745470cc1411a1204acf9e0c5
SHA512

9c1490425f51ee478487bbc5f3faa31b1191087f2ab818a67a81e0972be5e62fee35769b2ae8125077f156f40e140f2fca96cfdfd097455c446ae3cacff98579
SSDEEP

98304:bWwQdNgWsPVcGuaKwVmPkeClGVqBJ0jnE6HEXgBj6lG7csTwb/tx+dgf3mElnm:bA2VcBkVGbSynE6HNBWlGgn/qdumElnm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0	themida

Files

8488830880.zip
.zip

Password: virus
dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0
.exe windows x86

Password: virus

b09ccc7a04dbc8e57e57438561e8c3b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

SHGetFolderPathW

Sections

Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp 0
Size: - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp 1
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp 2
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp 3
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: virus

Password: virus

b09ccc7a04dbc8e57e57438561e8c3b4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

Sections

Size: - Virtual size: 5KB

Size: - Virtual size: 3KB

.data Size: - Virtual size: 96B

Size: - Virtual size: 696B

.vmp 0 Size: - Virtual size: 265KB

.idata Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.boot Size: - Virtual size: 1.9MB

.vmp 1 Size: - Virtual size: 1.4MB

.vmp 2 Size: 512B - Virtual size: 436B

.vmp 3 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 265KB

.data
Size: - Virtual size: 96B

.vmp 0
Size: - Virtual size: 265KB

.idata
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: - Virtual size: 1.9MB

.vmp 1
Size: - Virtual size: 1.4MB

.vmp 2
Size: 512B - Virtual size: 436B

.vmp 3
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 265KB