General
-
Target
Horizon.exe
-
Size
4.3MB
-
MD5
7d4f61808a1930ecaa5a5394e8b82f3c
-
SHA1
42024d6ab5bb322cc24d0deffcafe13b06493900
-
SHA256
4ff14ae75efbf8d32d4116fb4761bb2923cc550b838040b47a88effa4e130dd9
-
SHA512
58b406b9c6b4eb9165289d9a45491a524d904e47a79a1e3c73ffeb65b6d4236a7dfadfb15fe8ef3257fc5d5494d930f4ad67b960d2600d4b07f923d547e9e6d2
-
SSDEEP
98304:X9u4KpsUungLWCcHvWwIdZlG6RShiO0tM2KCg/PQpaTTgWN5Hb+:X9u4KWUWOFX5Gcm/PQpaTMOb+
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Horizon.exe
Files
-
Horizon.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 407KB - Virtual size: 776KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 84KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 19KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 6.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ