62c10b787de1dd268df67f1079ae2cb5f16992582ea85c9da53e8b3352dd0a9d[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

62c10b787de1dd268df67f1079ae2cb5f16992582ea85c9da53e8b3352dd0a9d.exe.zip
Size

3.3MB
MD5

426192cd7560d8561f103c15f416f55d
SHA1

3b5d3f1937d5cc610c4d0162c2b0a18ce6991ebb
SHA256

e507de20b0ace06cbbc5b5a5fcfd1ee2a1574ff5cc95685940a0bb579a2c00df
SHA512

0c733a08c58cdb0578685ebe8020183abc0940fbac40073d2c6f8876572bc7f9483e3de6e695c1f7ba243d390c2dca7a28aa101c8afd4b29593790afb7ce18de
SSDEEP

98304:t9sU4BQAHTy1G3UqrddNpKUydiG/A5tUztV:tAQ8yo3/r/ygG/A5tUz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/62c10b787de1dd268df67f1079ae2cb5f16992582ea85c9da53e8b3352dd0a9d.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/62c10b787de1dd268df67f1079ae2cb5f16992582ea85c9da53e8b3352dd0a9d.exe

Files

62c10b787de1dd268df67f1079ae2cb5f16992582ea85c9da53e8b3352dd0a9d.exe.zip
.zip

Password: infected
62c10b787de1dd268df67f1079ae2cb5f16992582ea85c9da53e8b3352dd0a9d.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 510KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 49KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 39KB - Virtual size: 219.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 79KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 510KB - Virtual size: 1.3MB

Size: 49KB - Virtual size: 130KB

Size: 39KB - Virtual size: 219.9MB

Size: 512B - Virtual size: 9B

Size: 512B - Virtual size: 88B

Size: 7KB - Virtual size: 14KB

Size: 79KB - Virtual size: 98KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.themida Size: - Virtual size: 4.5MB

.boot Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 16B - Virtual size: 4KB