62e10162bd91f44f848a97b74eda533954b90a077be0bfc933e6feb83ebe296e[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

62e10162bd91f44f848a97b74eda533954b90a077be0bfc933e6feb83ebe296e.zip.zip
Size

27.5MB
MD5

d31fabb8eab8a271d23a442567624be4
SHA1

664505e2412617c91452a99cf0189bd2924efd89
SHA256

786e12599da5eeaa0a9c9d416049718e8c4288bddde4bb98f1ad23df9c62e230
SHA512

af33101d412b5cf25b8e6541b17fa730e21ea43b4732fb64d664508fde6ed8dca5ca1ba2bb02e2e4ad251f52d2b76007727a86664e462f4b2aad80ce76e79268
SSDEEP

786432:E53/TJNis7bUeZg1GjZOQBZaJRUefUo3gw:EtTJNpmOFBZSLsMgw

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack002/wfn9WDkL54.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/wfn9WDkL54.exe

Files

62e10162bd91f44f848a97b74eda533954b90a077be0bfc933e6feb83ebe296e.zip.zip
.zip

Password: infected
62e10162bd91f44f848a97b74eda533954b90a077be0bfc933e6feb83ebe296e.zip
.zip
1QPUKI5OLER/BR.ini
1QPUKI5OLER/CN.ini
1QPUKI5OLER/EL.ini
1QPUKI5OLER/ES.ini
1QPUKI5OLER/FN.ini
1QPUKI5OLER/Font/VN.dds
1QPUKI5OLER/Font/br.ttf
1QPUKI5OLER/Font/en.ttf
1QPUKI5OLER/Font/kr.otf
1QPUKI5OLER/Font/sc.otf
1QPUKI5OLER/Font/tr.ttf
1QPUKI5OLER/GR.ini
1QPUKI5OLER/KR.ini
1QPUKI5OLER/PL.ini
1QPUKI5OLER/RU.ini
1QPUKI5OLER/TUR.ini
1QPUKI5OLER/TW.ini
1QPUKI5OLER/VN.ini
1QPUKI5OLER/dd.ini
wfn9WDkL54.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 109KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5.8MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 109KB - Virtual size: 167KB

Size: 18KB - Virtual size: 64KB

Size: 5.8MB - Virtual size: 10.5MB

Size: 5KB - Virtual size: 9KB

Size: 1KB - Virtual size: 33KB

Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 11.5MB

.boot Size: 7.4MB - Virtual size: 7.4MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 11.5MB

.boot
Size: 7.4MB - Virtual size: 7.4MB

.reloc
Size: 16B - Virtual size: 4KB