NecrumV5[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

NecrumV5.rar
Size

12.8MB
MD5

b29fc6156d97a4df79bd03f711b4cef5
SHA1

45fa2273d532aa00a700b520793ca10fac16d873
SHA256

e36bcb48a7e2cd6d8973d8548820d2c4bb07930faf4d2cc49afcb7c2dae36b8b
SHA512

5179ee09788d08f8a27a0f799d81d828f655363d08fae49728014d2ed4411ea54888736cc6130d0d591d8575ebca926d82d7393f4eecddbc49cc0b2b5cee2baa
SSDEEP

196608:j1a0YgQJf2sQ4JPZDvQdmIFIq6QJ4B/vcNF/5RNt32OXeyHqeCIVzF7pOPxroUhi:ha0YgQdJB8dmIFIqDi3cJmOXX5J7M5Eb

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Notepad++.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Notepad++.exe

Files

NecrumV5.rar
.rar

Password: 123necrum
Notepad++.exe
.exe windows x86

Password: 123necrum

cf88532bfc5c381beade1563fb3eea9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

mscoree

_CorExeMain

Sections

Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NIt
Size: - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.f[X
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.z"g
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lbr
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123necrum

Password: 123necrum

cf88532bfc5c381beade1563fb3eea9e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscoree

Sections

Size: - Virtual size: 3.2MB

Size: - Virtual size: 89KB

Size: - Virtual size: 12B

.imports Size: - Virtual size: 8KB

.NIt Size: - Virtual size: 90KB

.themida Size: - Virtual size: 5.3MB

.boot Size: - Virtual size: 3.2MB

.taggant Size: - Virtual size: 8KB

.f[X Size: - Virtual size: 3.9MB

.z"g Size: 1024B - Virtual size: 856B

.lbr Size: 13.1MB - Virtual size: 13.1MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 90KB - Virtual size: 89KB

.imports
Size: - Virtual size: 8KB

.NIt
Size: - Virtual size: 90KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: - Virtual size: 3.2MB

.taggant
Size: - Virtual size: 8KB

.f[X
Size: - Virtual size: 3.9MB

.z"g
Size: 1024B - Virtual size: 856B

.lbr
Size: 13.1MB - Virtual size: 13.1MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 90KB - Virtual size: 89KB