Behavioral task
behavioral1
Sample
reallyrich_protected.exe
Resource
win7-20230220-en
General
-
Target
reallyrich_protected.exe
-
Size
3.2MB
-
MD5
df5d7280e65d54355447a8cf38dfee00
-
SHA1
550db0113d38c80e10a08406cdab1b7ba6a7430e
-
SHA256
0058c7aff1d46a7adb149bdd15392f2b56de364b1c0a5e546c0fbca15b586fe9
-
SHA512
a929a1a0575d348d072cd1add9fb45a77e0b4a5c378b16bcbb13c8bbb03f742a570e4614472ab224b29e613b93231f13029d10468bbb6ad3017bad77f65a5102
-
SSDEEP
98304:utrc5NQ18Qicj/J/zB+twLfrmISZEsKoFpCUi:15NzQiYLRiV2sKoKB
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource reallyrich_protected.exe
Files
-
reallyrich_protected.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 186KB - Virtual size: 352KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ