Behavioral task
behavioral1
Sample
a292a15e18ebb542a36509dc86e2b294.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a292a15e18ebb542a36509dc86e2b294.exe
Resource
win10v2004-20240221-en
General
-
Target
a292a15e18ebb542a36509dc86e2b294
-
Size
1.4MB
-
MD5
a292a15e18ebb542a36509dc86e2b294
-
SHA1
16c5660c4f03e02aec399821568d0178d5067726
-
SHA256
8462d608d04b29277d73c4df5bacc1baddc852ffabded6e70535ac89f8a5c620
-
SHA512
f7499eb377af0b36f145dcb2b41c424048d0f3b2ca8804d65a82301d9e0b1f81fa516d21b9f2550dbabd16646209f8632685dd99fcce503d6fb60483dc167b5d
-
SSDEEP
24576:jNg3tLAZjVrxCAgjMXV317ma+1mSNX0vuIS2PFe+V9uQ/PT85op6VaF3lmH5hjzU:jNI8j9cjMX517m31rXyuISwFPJr86prh
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource a292a15e18ebb542a36509dc86e2b294
Files
-
a292a15e18ebb542a36509dc86e2b294.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: 24KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 256KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 1.2MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE