Behavioral task
behavioral1
Sample
b4eca0c093be55ecd3e7ad17b5130e46.exe
Resource
win7-20240221-en
General
-
Target
b4eca0c093be55ecd3e7ad17b5130e46
-
Size
2.9MB
-
MD5
b4eca0c093be55ecd3e7ad17b5130e46
-
SHA1
27601722e5dfc4523842b6f3998f0d82a584b7dc
-
SHA256
eeb187cdea92ed939a396ee999acfd756a09663dd8a7f444cdbf72d06b660815
-
SHA512
2c1db64502b86c547541024390357dd526d09b37d90e4adbf00ddf547516549fb10eda64165f3f1c3aa849bca48a6afad1081ce4654e5ab064124751e0289146
-
SSDEEP
49152:h9jl72TC3sg0nn5Mvx+noHXYUgbWyhmEvOKpwVQW3NgLQ29p2t3u20FlvSou0izh:h1l7b3sg0nn5Mp+noHlyhJGKKUMM20js
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource b4eca0c093be55ecd3e7ad17b5130e46
Files
-
b4eca0c093be55ecd3e7ad17b5130e46.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 255KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 16KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ