WondershareFilmora[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WondershareFilmora.zip
Size

5.8MB
MD5

5b565ec444341f370928359055b6a9f9
SHA1

9be563edc7b801819a5ddb83a44dc1b8ca2d3003
SHA256

7bae85a81ad728fc5fd89075eef72e66c503061d872298f283306aac95442793
SHA512

52ab4da5111eb13043bb6c59253c52bfe311230ae5ea03e3f3ac4a0e2c973897e0ca0fb7596c392a4089b4080c031e9cb873be2d6ec112a62567ff105fdc6b28
SSDEEP

98304:nki/JpNxT76wiOtP1g74I/R2svxt+iR/VI8pBuVk1emXIIEK1afDXK6:nlrNF6+M2svVXu8jKK1iDXj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack002/WondershareFilmora.exe	themida

Files

WondershareFilmora.zip
.zip

Password: softlab22
installer.zip
.zip
WondershareFilmora.exe
.exe windows x86

Password: softlab22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
password.txt