General
-
Target
Scylla.dll
-
Size
8.7MB
-
MD5
6591418ca506062c46ee231742beec0f
-
SHA1
9d72c5418713e96f812bd73635f4a60a6739ea5a
-
SHA256
569482d7a0cc48d2c85ae477919a2f25d426aa7450b25337dd98837f4f09cf4a
-
SHA512
20595655b0e0dc46d387b6d1eefec7303444952212671febdbbb55d214f393f45bf4df47e1a69809e64c705691cd47b687859afd54592314ef7c16a621dc842d
-
SSDEEP
98304:nOZvWuxAIOSIdbgXfb/9JLipfST8MCldVh7ygVn0sjv3JIy2YgaEv9YmR46Urzyy:CWB83KvdCi1jZvJmR4drIrwnx
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Scylla.dll
Files
-
Scylla.dll.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 2.4MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 111KB - Virtual size: 322KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 323KB - Virtual size: 323KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 9.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.taggant Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ