cc17a2ff14ae0f1457abbb990c2612a5503c96ddfa5916bb2a1a8dad2e16238c[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

cc17a2ff14ae0f1457abbb990c2612a5503c96ddfa5916bb2a1a8dad2e16238c.zip
Size

3.3MB
MD5

41cc2fc1f90c9c4727b2220e3cd0fdc4
SHA1

efad5e71e5b09e4d0eb7037d82c5cfdce21f4a85
SHA256

3a89fa6a4abebabffcd836859898bda1dda9b42883c7bb6b9cd35a16ade708be
SHA512

5591d3bfb6043e0166e5456a9cbb528e46bd15f3c7f6b560296f73f94fa4138fecd297567e6d5ed1738fdf28a9034e8277529b63f319c86c2175eb443e6e98b9
SSDEEP

49152:5UOvvyAiMNvDjdJoHdefEW28ngnBgQ75dhqdaJiZKrS7V1W89hIZ8NDq5uIFNtyG:5By38g4MGgBgQNngjoukVBEoB

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/cc17a2ff14ae0f1457abbb990c2612a5503c96ddfa5916bb2a1a8dad2e16238c.exe	themida

Files

cc17a2ff14ae0f1457abbb990c2612a5503c96ddfa5916bb2a1a8dad2e16238c.zip
.zip

Password: infected
cc17a2ff14ae0f1457abbb990c2612a5503c96ddfa5916bb2a1a8dad2e16238c.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 308KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 53KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 308KB - Virtual size: 559KB

Size: 53KB - Virtual size: 177KB

Size: 4KB - Virtual size: 39KB

Size: 463KB - Virtual size: 463KB

Size: 22KB - Virtual size: 41KB

.imports Size: 1024B - Virtual size: 4KB

.rsrc Size: 42KB - Virtual size: 42KB

.themida Size: - Virtual size: 4.1MB

.loadcon Size: 512B - Virtual size: 4KB

.boot Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 42KB

.themida
Size: - Virtual size: 4.1MB

.loadcon
Size: 512B - Virtual size: 4KB

.boot
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB