Behavioral task
behavioral1
Sample
5h8mj5hdmk.exe
Resource
win7-20230831-en
General
-
Target
5h8mj5hdmk.exe
-
Size
4.0MB
-
MD5
ea4fd817859f3a86dff0d31db268fb4c
-
SHA1
55b83c3f796c8819c169ffc9a5a97341523f1a5b
-
SHA256
b13ac74ea97a14c678375ef454399ca831a205f5c5dd2b29262336e983df6987
-
SHA512
00774e9c110f28cfff842b9aeb05a1f69dbf70d67c0e1a8adc47c6446f1165ca965021659d6a2e04068218b46ac56b91b8e8d95471fd2936e2f9ed0fc3c8264b
-
SSDEEP
98304:DHc0t5nANeQccqG/tkjrNeqngmUYF0/9z+H2n6Y6lQYBdFhs:Q86eQc7OWey1F0wWTOs
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5h8mj5hdmk.exe
Files
-
5h8mj5hdmk.exe.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 740KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 214KB - Virtual size: 404KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 546KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 33KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ