DZKJ-1[.]0[.]0[.]52[.]exe | Triage

Sharing

General

Target

DZKJ-1.0.0.52.exe
Size

14.8MB
MD5

7d94503119588f1e769d1a871a949969
SHA1

d31a2fcb9fa635b7ca9cda8b6a239815a6645dcd
SHA256

dcb378e8645acb7a8c2be0f51f9c9c125044659a73390d524accb96772f79a16
SHA512

cc1b52450d9623d6766320cc80346fe6e8e00f669b2a3f7fd8ab95e5c610803d66457e886e62dff371421982dd21c259159eb5a0907c94562f018e816e3dd95f
SSDEEP

196608:WgA3UoPtKLBSIkMmf5XPmImn/2gpi08QukGZl9lEL38NlxgjewYk1jrMX+5j6txW:pAkolIBShMwu+2ukmoKlxgjewXmxB35m

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DZKJ-1.0.0.52.exe

Files

DZKJ-1.0.0.52.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 748KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5.3MB - Virtual size: 10.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE