Behavioral task
behavioral1
Sample
8b5861dc1c5772a6512aef0fa0761956.exe
Resource
win7-20231215-en
General
-
Target
8b5861dc1c5772a6512aef0fa0761956
-
Size
5.7MB
-
MD5
8b5861dc1c5772a6512aef0fa0761956
-
SHA1
dcebd52e16bba1ac7ddceb29d524143b25c568e5
-
SHA256
a22dbc7aab26757e26cc2c626b54a62ab425cbe19fe202fb8b7f70e2b5d64082
-
SHA512
bdb24999f68786633b50cee878ddf5f852ea5fa38aa1ba750c00b296c91253b78ccf74540ccded36b281eb51dede60916120e88c59afcd310076b4fdb6db2968
-
SSDEEP
98304:EfaCOBF2ChX5cFY2jh2nu/MCxFAkS2EWbDeqa9Q80jQt0ehfMRYFanpAuARQEsRk:manBFJO8O2rnyeF/0jC0elIp3cppxX
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8b5861dc1c5772a6512aef0fa0761956
Files
-
8b5861dc1c5772a6512aef0fa0761956.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 16KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 16B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 8.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.taggant Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ