SecuriteInfo[.]com[.]Trojan[.]Siggen19[.]27544[.]16723[.]4470[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Siggen19.27544.16723.4470.exe
Size

7.3MB
MD5

5b7700908cb80adc7b758a6b91798ea4
SHA1

8b94abe675066200d1356dc0aed3ba7d22fd0f16
SHA256

6875f2ca4906ca1e979f63cd2c9c2d7631b45f31006fa08819f8112aad760806
SHA512

26fa782996d6b6cb43360f1529d50565feb7ae98dcf588a2795a0a40da0e9d436d18dd0fb8bd541d02683909c61de3cee6d850b0959d1d14500e8a009770c211
SSDEEP

196608:L4VcfSljiIMCstvX0bziJhSnStsPp5a/SNivEenpZ:8VKS1fUkmrHYviSNuEez

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.Siggen19.27544.16723.4470.exe

Files

SecuriteInfo.com.Trojan.Siggen19.27544.16723.4470.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.8MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 88KB - Virtual size: 717KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 188KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ