General
-
Target
bf5a41c08bbc65bac437d651c7334a8ea6c2113a6fa20c817a1c5623124da047
-
Size
6.9MB
-
MD5
17690c2797304e23ecc981547b30c90b
-
SHA1
f9a8522d16347a6b0b43de9fbc2907a6a5e6b4ab
-
SHA256
bf5a41c08bbc65bac437d651c7334a8ea6c2113a6fa20c817a1c5623124da047
-
SHA512
afda7340825129cfa8f7dd470ade6d5f9ccec8193cd5b4a45cd402d5713889d87b486e97452c619f154da0ae9cd45a033eb11029fa5f548c0dd5f5d6b0d0b3c1
-
SSDEEP
196608:yDyOC3sRFevFLOyomFHKnP55zhOBDLWRM2dw:yD/eF6kGrq
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bf5a41c08bbc65bac437d651c7334a8ea6c2113a6fa20c817a1c5623124da047
Files
-
bf5a41c08bbc65bac437d651c7334a8ea6c2113a6fa20c817a1c5623124da047.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 896KB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 121KB - Virtual size: 351KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1.5MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 106KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ