Behavioral task
behavioral1
Sample
223f8d67c784e3f6cc85c721dd718af53510f6884dbc1ea4dd328cc26da03f5e.exe
Resource
win7-20230712-en
General
-
Target
223f8d67c784e3f6cc85c721dd718af53510f6884dbc1ea4dd328cc26da03f5e
-
Size
2.8MB
-
MD5
1d156981b23a1531d4e6449c95ec6c9f
-
SHA1
98c264b55efdd118215190955d3a6372e4497330
-
SHA256
223f8d67c784e3f6cc85c721dd718af53510f6884dbc1ea4dd328cc26da03f5e
-
SHA512
c2cc592a3b4aef17e1a6882f97e36bc3cc257b6c83b21cc72bd92cf45ff48c5de45c22c34352a10bf3fc66a884dfb8fec007781561be88e9071d6a2433f91a2d
-
SSDEEP
49152:OS6hBcbHH6ORsof+ZymfCvKa+nxzsA/y8aiPRmN6VLvOjwsDxA:OS+BcHaORvmZJfdxIA/y83PcNcLvSwsi
Malware Config
Signatures
-
resource yara_rule sample themida
Files
-
223f8d67c784e3f6cc85c721dd718af53510f6884dbc1ea4dd328cc26da03f5e.exe windows x86
Code Sign
74:57:6a:91:b1:77:dd:b9:4a:15:a1:49:1a:4d:a1:d2Certificate
IssuerCN=Acer Quik AP527-57 [AN527-27-77M3]Not Before06-04-2023 15:02Not After07-04-2033 15:02SubjectCN=Acer Quik AP527-57 [AN527-27-77M3]39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03-05-2023 00:00Not After02-08-2034 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02-05-2019 00:00Not After18-01-2038 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4b:07:c1:75:3e:ab:1b:3a:28:fd:cb:cd:42:84:61:51:43:6d:5b:16:90:6b:bd:fe:06:1d:21:77:7a:55:38:44Signer
Actual PE Digest4b:07:c1:75:3e:ab:1b:3a:28:fd:cb:cd:42:84:61:51:43:6d:5b:16:90:6b:bd:fe:06:1d:21:77:7a:55:38:44Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 351KB - Virtual size: 456KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 143KB - Virtual size: 188KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 138KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ