Behavioral task
behavioral1
Sample
PalaceRust.exe
Resource
win10v2004-20230220-en
General
-
Target
PalaceRust.exe
-
Size
3.9MB
-
MD5
bc543fadb35dd7dc8d3dea92e2f28ebe
-
SHA1
fa5cf0dab9c6823c49f73603646eca8d02c32c4d
-
SHA256
6765e7e4d3bf7ddffd8dad955db6e5502eb2936af5ee3fa8d50060838971f3b8
-
SHA512
1f0f97e70b4025e356cb2ebaee1ce0743c3bcb88e33d90d74ceb794109a1cb4b5b3b9e3e8f4f7b82492eccac2e456bc41ec3c4c77230eb27baab0677e127da29
-
SSDEEP
98304:soLTxvm0EdOiwv4RHylU6JxWO3nSdsH1+fVNfkR7EpN/Dk6DtcF1m:9LTx8QnvUSJtn8s6ZkR4pNY6J/
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida
Files
-
PalaceRust.exe.exe windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 425KB - Virtual size: 851KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 75KB - Virtual size: 177KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 119KB - Virtual size: 446KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 21KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 275B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 5.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ