TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Behavioral task
behavioral1
Sample
PEMIS.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PEMIS.exe
Resource
win10v2004-20230220-en
Target
PEMIS.exe
Size
27.9MB
MD5
bf5a51dc55fd769441533ad976b0f6ac
SHA1
21a0d07ef1e890b09a59eb391b03506c183f9286
SHA256
c176dae94f60e6aa1e4be1f57742f2817e48ad29e4ba5b1119bd9131a0598408
SHA512
204dc494fe09b521798447eba90fd4adda1bb150dc362c8e2e9ea698c86816ed1910c44453440024606c461c6cc7fd4a02e6fba9845b8ca949dadc44fa163ad5
SSDEEP
786432:4oigo6W7kWeS+Zmsusi7ciOM4stmE0UhhiHNorCSxtUVVGTqN:zigodkWoEsuseOalhhiCrCSxkV9N
Processes:
resource | yara_rule |
---|---|
sample | aspack_v212_v242 |
Checks for missing Authenticode signature.
Processes:
resource |
---|
PEMIS.exe |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE