575ba03c44749d5adfa5fac858769e150b70861586320883e02b2a802c27f732[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

575ba03c44749d5adfa5fac858769e150b70861586320883e02b2a802c27f732.zip.zip
Size

26.8MB
MD5

280d09f3b2c4fe0862f3cc3c98c891d8
SHA1

a9cffb4abeae32e9fa22aa53a899b1453ce566c9
SHA256

75589cdbd01804cd5a3c9537a85b67de5e06858d2770baf5f20c53da076257bc
SHA512

4c84a885697d595b8bdee1cddb822d5e90a3bc286c6e37ae09c1741b0517aabbe9c13009c431532e4837c42fcf54983885f09d97e4fa46839995826d434cd4fb
SSDEEP

786432:oVTB3ZyKpnDpweoQikDJzFMLGLkPPkmZDUFTQ8R2XhRq:oFjyKpnDpwBRkDpmLGLkDZIRmq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack002/B5js43xaX2.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/B5js43xaX2.exe

Files

575ba03c44749d5adfa5fac858769e150b70861586320883e02b2a802c27f732.zip.zip
.zip

Password: infected
575ba03c44749d5adfa5fac858769e150b70861586320883e02b2a802c27f732.zip
.zip
B57J/BR.ini
B57J/CN.ini
B57J/EL.ini
B57J/ES.ini
B57J/FN.ini
B57J/Font/VN.dds
B57J/Font/br.ttf
B57J/Font/en.ttf
B57J/Font/kr.otf
B57J/Font/sc.otf
B57J/Font/tr.ttf
B57J/GR.ini
B57J/KR.ini
B57J/PL.ini
B57J/RU.ini
B57J/TUR.ini
B57J/TW.ini
B57J/VN.ini
B5js43xaX2.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 109KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5.1MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 109KB - Virtual size: 168KB

Size: 18KB - Virtual size: 64KB

Size: 5.1MB - Virtual size: 9.7MB

Size: 5KB - Virtual size: 9KB

Size: 1KB - Virtual size: 33KB

Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 11.3MB

.boot Size: 7.4MB - Virtual size: 7.4MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 11.3MB

.boot
Size: 7.4MB - Virtual size: 7.4MB

.reloc
Size: 16B - Virtual size: 4KB