b0778fe6fdf3348ad6e10e6b02199f9b63662f6a061b1ca260e80019d1d0c90b[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

b0778fe6fdf3348ad6e10e6b02199f9b63662f6a061b1ca260e80019d1d0c90b.zip.zip
Size

27.7MB
MD5

e49e2d9490d1276cc2fd384fe0c2e4f0
SHA1

e666d9902825ed105ee8b851ed791ed9625dadfa
SHA256

a60ae755a635a84b57e1e2d74884f2cc56424dc1164b1beceb531b6b8e1d4140
SHA512

b62162b0303497b631af4363841324326db9d871fba9ae201a6b2f27a5fc0e672d5a375b67710bd341c24cb2daa907454c9b656785354cee75c3d7b24bf97210
SSDEEP

786432:m+cIVvMDyh50Hfy9w4VIDLarb89sXWke7MITsDR3ssMQ:tcIVU+h79T6W09sXK7MIT8sM

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack002/YfXFl26W9E.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/YfXFl26W9E.exe

Files

b0778fe6fdf3348ad6e10e6b02199f9b63662f6a061b1ca260e80019d1d0c90b.zip.zip
.zip

Password: infected
b0778fe6fdf3348ad6e10e6b02199f9b63662f6a061b1ca260e80019d1d0c90b.zip
.zip
UN7/BR.ini
UN7/CN.ini
UN7/EL.ini
UN7/ES.ini
UN7/FN.ini
UN7/Font/VN.dds
UN7/Font/br.ttf
UN7/Font/en.ttf
UN7/Font/kr.otf
UN7/Font/sc.otf
UN7/Font/tr.ttf
UN7/GR.ini
UN7/KR.ini
UN7/PL.ini
UN7/RU.ini
UN7/TUR.ini
UN7/TW.ini
UN7/VN.ini
YfXFl26W9E.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 109KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5.7MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 11.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 109KB - Virtual size: 167KB

Size: 18KB - Virtual size: 64KB

Size: 5.7MB - Virtual size: 10.5MB

Size: 5KB - Virtual size: 9KB

Size: 1KB - Virtual size: 33KB

Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 11.7MB

.boot Size: 7.6MB - Virtual size: 7.6MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 11.7MB

.boot
Size: 7.6MB - Virtual size: 7.6MB

.reloc
Size: 16B - Virtual size: 4KB