WARZONE RAT 3[.]03 Cracked[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WARZONE RAT 3.03 Cracked.exe
Size

7.5MB
MD5

03977a4fc47100f00650d65b1088f391
SHA1

2517557e6bdb3e2268143f4690a4cc44426ac481
SHA256

2325745d8b078385be3a995640b2cee98e85c8ac1c111fde5fcb1c257d9efe7d
SHA512

2ad09d2e14ea3f83a950b76444b49d49b53a5735f1256f6c59f97bf380bd89e59f97f157ba7a75416e154e9142e33a609eb10c4c5f59963487d4d2ec6adb4a3c
SSDEEP

196608:fWjyOLFVG2tUpi7tPRopU2Pa3uAdvCgoYEttoTBoWY/:fR6FVJUpi7tJoDAdvbEttoev/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WARZONE RAT 3.03 Cracked.exe

Files

WARZONE RAT 3.03 Cracked.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 74KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 27KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 835B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5.1MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ