Behavioral task
behavioral1
Sample
75119fe9f878feee28e29601e9fbe6ab.exe
Resource
win7-20231129-en
General
-
Target
75119fe9f878feee28e29601e9fbe6ab
-
Size
9.0MB
-
MD5
75119fe9f878feee28e29601e9fbe6ab
-
SHA1
24a48b0309a58f226fc54206cc1c37b16085ad02
-
SHA256
bde72889e6726e74c922375df348762679081c38c2e60a34481635a4cdaa76cc
-
SHA512
3dc098c95f9abbbee4ae4a49221da51592ab791f073a860d21f0c45bb584a95e9dd6b106742996dbeea7ed75f2d691271839909963f25877bed7406639cf2fd6
-
SSDEEP
196608:jFdhCokh2aPWzqHcveCucAgb6lPkJBw2x25Ejp:jFdhVSW+iejcAs6lMJ62g5k
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 75119fe9f878feee28e29601e9fbe6ab
Files
-
75119fe9f878feee28e29601e9fbe6ab.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 6.0MB - Virtual size: 8.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 10KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ