Behavioral task: behavioral1
Sample: a3e34cg.exe
Resource: win7-20230712-en
General
Target: a3e34cg.exe
Size: 4.6MB
MD5: 341e2e0fbcc88e262ed896ee11c06532
SHA1: 60cd85254f5faeb3ba526650daf85b773b458b90
SHA256: 250b10e7a4025f8845c9287d86eb1101f18f23e2dd3c50df642cbc40756afa97
SHA512: ea70d5bc2dc264ec92c57edaef2fe343e48c7f6d12d5b5c71432807fe19c536b10139b00040b364c15fc940d1ac9cf0e42f18e6dee1c412acdea17ac9e30d850
SSDEEP: 49152:rOjkgSYGuvkNaJ/b0GYmsmf/sAa8hdCQB2xrajUVNY36pMK6CrOIvYApvSzZQljF:rXuvPZwAcQBVjUzgiMC02Xv+E
Malware Config
Signatures
Processes:
resource: sample; yara_rule: themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: a3e34cg.exe
Files
a3e34cg.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 66KB - Virtual size: 166KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 12KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ