TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Behavioral task
behavioral1
Sample
PEMIS.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PEMIS.exe
Resource
win10v2004-20230220-en
Target
PEMIS.exe
Size
28.9MB
MD5
34a7eab02be0835b27e4548ad2ce048c
SHA1
17a2337c233658d36387b9c50f43aa53feeb422e
SHA256
0527dc9d19e95c25ca4feb22e562f5fda68a6732483c2be9f05af6f9ed005107
SHA512
9844035a58bf8398555e556592dc7b49bc591516a91b8da00270d551e1463de2302020b3d6600bdf2c4455bb7fd2c04b15b3cf7addbd39b0174b8cff60fc3be0
SSDEEP
786432:21NY0wjo8H/1uWX5xFYnmE0UcXSlwmKEu:IIjoQ15fgliSlwmK
Processes:
resource | yara_rule |
---|---|
sample | aspack_v212_v242 |
Checks for missing Authenticode signature.
Processes:
resource |
---|
PEMIS.exe |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE