innoi-tr[.]zip | Triage

Sharing

General

Target

innoi-tr.zip
Size

3.5MB
MD5

a832e10f78fa004d322eab8dd977445d
SHA1

5d80174642433de36db1bbefbb53b9df534dbb2d
SHA256

77ddc1e2673514ae550bb93a8b347dbbd551f714f12d6c48eb0fda03110da748
SHA512

ce941fe6c68b91befc97f45b9856257110cdb684e8c9fa2b92ba8a0e0ac0f28958499eb18f77cb9e674675df4bffd21508b8b723a799876185df9f3c64e1d9a1
SSDEEP

98304:zioADZbtXZHH8ddpbRBWf58CS0EsVZWjrZPK:f+tXaRBWf5HYsnoZPK

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
static1/unpack001/innoi-tr.exe	themida

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/innoi-tr.exe

Files

innoi-tr.zip
.zip

Password: infected
innoi-tr.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 48KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ