70a1aa57047f844284ddb6a4fc464b54c4bfaa2dd8d4aced800b197ffcee27cb[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

70a1aa57047f844284ddb6a4fc464b54c4bfaa2dd8d4aced800b197ffcee27cb.exe.zip
Size

6.4MB
MD5

7dfec5c0bfaa1604956b27deb3ac1dcf
SHA1

d2676bd0eb6faa7293cdb1786bdebda81290d987
SHA256

0ba8860821fda2a1b18b8e4e25765d769096bdd7123bde6971c4fd1e6a5c3fa0
SHA512

909901a7e1620c61648549ab9c1f1a47a0cec2fd28e1f4ff9e3fe25df184a3e70ef374077332e9e2272f159ea4b5f86fdfe62b2325e9f3d28b126add8899f149
SSDEEP

196608:HYd7UyMH2b+VuQIiU+ff3lfmUMkGjLvvH5Ftru:HDHvu6UkvM6GX5/q

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/70a1aa57047f844284ddb6a4fc464b54c4bfaa2dd8d4aced800b197ffcee27cb.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/70a1aa57047f844284ddb6a4fc464b54c4bfaa2dd8d4aced800b197ffcee27cb.exe

Files

70a1aa57047f844284ddb6a4fc464b54c4bfaa2dd8d4aced800b197ffcee27cb.exe.zip
.zip

Password: infected
70a1aa57047f844284ddb6a4fc464b54c4bfaa2dd8d4aced800b197ffcee27cb.exe
.exe windows:5 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 358KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 52KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 52KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 358KB - Virtual size: 672KB

Size: 52KB - Virtual size: 198KB

Size: 2KB - Virtual size: 44KB

Size: 15KB - Virtual size: 26KB

Size: 52KB - Virtual size: 76KB

Size: 1KB - Virtual size: 2KB

.imports Size: 1KB - Virtual size: 4KB

.rsrc Size: 7KB - Virtual size: 7KB

.themida Size: - Virtual size: 9.6MB

.loadcon Size: 512B - Virtual size: 4KB

.boot Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 7KB

.themida
Size: - Virtual size: 9.6MB

.loadcon
Size: 512B - Virtual size: 4KB

.boot
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 16B - Virtual size: 4KB