temp_howl[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

temp_howl.exe
Size

10.4MB
MD5

f2a8be093dd7d30c01fd57ce5b55c879
SHA1

0ed3affca3ba1ee7c08f6a65f9ea751bd49198dc
SHA256

42dce0a6272b59c3277ef475ebc845d99020190ba2300409d9ec19ae4b3dcdd1
SHA512

05ff3774542713f827aef7a3d2fe92acb69ec1e8014ca2e9a70e18697f06528e81d9130bab58e941079d9d965d2edbb58bb6726419281c3e16f24dc3ef965aac
SSDEEP

196608:B6ATZyD11Kw53YUYfJ926PvJNqt71jNGiwLueDCed1wnDU:B6WyDf53YUs2Mvjqp1x73AC4yY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
temp_howl.exe

Files

temp_howl.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 684KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 13.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 616KB - Virtual size: 616KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 684KB - Virtual size: 687KB

.pdata Size: 22KB - Virtual size: 21KB

Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.themida Size: - Virtual size: 13.3MB

.boot Size: 9.0MB - Virtual size: 9.0MB

.reloc Size: 16B - Virtual size: 4KB

.text
Size: 616KB - Virtual size: 616KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 684KB - Virtual size: 687KB

.pdata
Size: 22KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.themida
Size: - Virtual size: 13.3MB

.boot
Size: 9.0MB - Virtual size: 9.0MB

.reloc
Size: 16B - Virtual size: 4KB