4[.]5-laddon[.]exe

Resubmissions

14/03/2024, 16:35

240314-t32psabb44 9

14/03/2024, 16:34

240314-t3fsbabb29 9

Sharing

Copy URL

Twitter E-mail

General

Target

4.5-laddon.exe
Size

6.5MB
MD5

0db5998428a4d462adb481cbb295d865
SHA1

0259d4821139000a3e628febfdb5d86d86c5e8e2
SHA256

1b8f55c92d707abd005d1514bb17862b1f9e8c2740009fb45f5889cf29634763
SHA512

4d71d1a562bc9e817c4e511d589d9cd891b6c5eace655a6e575005fdb4f8e349ffbe3d08af098a517147d2d2ac16e2c831dcc4c032646cdb66a5c4e94c832dff
SSDEEP

98304:QP90vtgCDb6J/j3I/p9Yod4dvJon5qUtXZBNZDyDRReW+iC9IFk/lQz95+vCP7tW:G9Ogj3InYe41JonNZzIngD9qV95+vStW

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4.5-laddon.exe

Files

4.5-laddon.exe
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.2MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 544KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 247KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 62KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.2MB - Virtual size: 3.1MB

Size: 544KB - Virtual size: 1.2MB

Size: 247KB - Virtual size: 470KB

Size: 62KB - Virtual size: 106KB

Size: 512B - Virtual size: 488B

Size: 4KB - Virtual size: 16KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.8MB

.boot Size: 4.4MB - Virtual size: 4.4MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.8MB

.boot
Size: 4.4MB - Virtual size: 4.4MB

.reloc
Size: 16B - Virtual size: 4KB