Behavioral task
behavioral1
Sample
4119e6d0b20031d861fda3e16a765acf.exe
Resource
win7-20231129-en
General
-
Target
4119e6d0b20031d861fda3e16a765acf
-
Size
2.7MB
-
MD5
4119e6d0b20031d861fda3e16a765acf
-
SHA1
21a89a8f7eb9de79e0fb52fd525e25d0bf714453
-
SHA256
21aec16eb3bca2988ca0a62f13ea7ba42d7b3b38b27d19d3de3f5d1d1dabbca0
-
SHA512
038895a22645bf82bd076ebb4e74231c19a5322ffdd1615527518cc1b8b2a76677ba280bf9993e5b467af2a9b22a85eb19b4b198161f0e073d731162640d920a
-
SSDEEP
49152:7b2Ayt8Ek5WZnjWAIWSfEHcqSFryCio/pzW4oykBqUcxU/ivwZPWP0+:n2Ay7kIj38vprW4KBqFU/6wZo0+
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4119e6d0b20031d861fda3e16a765acf
Files
-
4119e6d0b20031d861fda3e16a765acf.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 296KB - Virtual size: 570KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 40KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 22KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 6KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.imports Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ