Behavioral task
behavioral1
Sample
70f6d008869f17c3e7a0331102af159b.exe
Resource
win7-20231215-en
General
-
Target
70f6d008869f17c3e7a0331102af159b
-
Size
3.2MB
-
MD5
70f6d008869f17c3e7a0331102af159b
-
SHA1
e22527ec22fd44d25e31a32c0048f09494de7581
-
SHA256
ad7a74ddae7cc81d8610ab6bedb94857f38c03b795c4a612fbacc47941286709
-
SHA512
9f81b856d0e477c03bfe34581316661d79c1b8d34f1c69033b93be9e638d42653caca94ee38384b4cd889ee26a9b2bcbea9b0e1fbb5fb5a9f2b1cc6e34072c36
-
SSDEEP
49152:nZOi6qmoiGguu1bzMKmkwGYU7n5qLwAO+PCEMSOvkJgaEYotide9O5m9x4lPytUp:ZSXuuNZwRU7UnZrOv8gvqOMRdgUr
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 70f6d008869f17c3e7a0331102af159b
Files
-
70f6d008869f17c3e7a0331102af159b.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 406KB - Virtual size: 783KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 52KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 18KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ