CW_DARK_AETHER_TOOL[.]rar | Triage

Sharing

General

Target

CW_DARK_AETHER_TOOL.rar
Size

9.9MB
MD5

7d3e524591078e62e0685d74f5b8aee4
SHA1

d6bc0e6c7b6ecb2142d7121e3fbef6bc08200739
SHA256

3c9564882c892e219c16f1dd92669be7953227ea85c91eed632bd05821e60478
SHA512

ba810f5761dc641b405e084b1f3b1dd8ba683c5118e52e17ea679f5caefc1d1c69d23d7039f35d53371303e964a1b4fb25067b5c65f3a57fcd94a2301d42173d
SSDEEP

196608:hA5aN6TwTctEjDHw362M4S2ZDNzPrBXMibUrILsV4ZNPuxZLySxyzMQUBRzWGlf:hCaswT7A362MNWrB8ibIVKdwQAOdGlf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/CW_DARK_AETHER_TOOL.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CW_DARK_AETHER_TOOL.exe

Files

CW_DARK_AETHER_TOOL.rar
.rar
CW_DARK_AETHER_TOOL.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4.2MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 633B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 12.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ