WindowWatcher_[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WindowWatcher_.rar
Size

3.9MB
MD5

af97e923bd55b33898ea6fdb52f8c202
SHA1

cd418762b7dede6f1d030a0db2ad5a37ffcedd01
SHA256

0e11a4a6e840cde05eb76d2c73ceb0dee19df7c40e01b19a568ee9dd2626cf40
SHA512

c6a04f469ce0d25376100c9b3e6bd93e389714b138b7e5ddc26acb9db277f841456512b1866b6d8e99c5e0916e6493176ce824078624ba7a45206f557a844cdb
SSDEEP

98304:lsyR9FTIQvUKO2hVgdlUDUQm/4t6A/xOimhJMP30Eprbf0q7LsbER:lBsQvUKO275m/iwiUJMP3Rbf0mLWO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/WindowWatcher_/WindowWatcher_.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WindowWatcher_/WindowWatcher_.exe

Files

WindowWatcher_.rar
.rar
WindowWatcher_/WindowWatcher_.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 356KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ