d5a0c28c1b0198033e57c75f95c921244071ce7e2eebec74e66f384627900824[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

d5a0c28c1b0198033e57c75f95c921244071ce7e2eebec74e66f384627900824.zip
Size

3.3MB
MD5

810ab9577cc5e0efe87ef0688eba700b
SHA1

1432b96db1f4024f4a218b06a12186a9ea87bacb
SHA256

40c9698c41f7575d5c05a059f73067072dffb2001454cc8571de6ec4d7a6aad9
SHA512

277f3e5f3fdad041289ce1e4798c87f4ebcee2052c68d37b59aaa6eb9361d2287c56fd37ee8abc1b0e75991d0204ba732b545c4af73a9d53bb03ee125a80e301
SSDEEP

98304:lj8tBKxoRjMOpGDRpuoEOjKeX7xGkUAKqJbr:lj8tkotMvrEOXQkU4t

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/d5a0c28c1b0198033e57c75f95c921244071ce7e2eebec74e66f384627900824.exe	themida

Files

d5a0c28c1b0198033e57c75f95c921244071ce7e2eebec74e66f384627900824.zip
.zip

Password: infected
d5a0c28c1b0198033e57c75f95c921244071ce7e2eebec74e66f384627900824.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 308KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 53KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 308KB - Virtual size: 559KB

Size: 53KB - Virtual size: 177KB

Size: 4KB - Virtual size: 39KB

Size: 463KB - Virtual size: 463KB

Size: 22KB - Virtual size: 41KB

.imports Size: 1024B - Virtual size: 4KB

.rsrc Size: 42KB - Virtual size: 42KB

.themida Size: - Virtual size: 4.1MB

.loadcon Size: 512B - Virtual size: 4KB

.boot Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 42KB

.themida
Size: - Virtual size: 4.1MB

.loadcon
Size: 512B - Virtual size: 4KB

.boot
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB