cc040dc29203b3517911366c0ea5157b

Sharing

Copy URL Twitter E-mail

General

Target

cc040dc29203b3517911366c0ea5157b
Size

2.1MB
MD5

cc040dc29203b3517911366c0ea5157b
SHA1

d2de3671a2e4f696b01479d358ec8bd445dae021
SHA256

5c236497af162e1cd266fc498253fc6e25eeae3214e7fd771e1083932f9ac38e
SHA512

e08f4f032aa95dc2a4fe14530f486599eaeda81b2055767c704cff5d5cbbf35a7b5e53e54b9473ac958b438d376739bb6d1c2ab52125b76cf9b04238413a397e
SSDEEP

49152:FVAgMPdQNhzcq0tSsoEEFjBt5Yc4u+4nPc8nHkbXDJ:FVlDhzcq0QsoEERFyOnPEDl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/ztqdq.dat	themida
static1/unpack001/征途启动器112-穿怪.exe	themida

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ztqdq.dat
unpack001/征途启动器112-穿怪.exe

Files

cc040dc29203b3517911366c0ea5157b
.rar
92wg在线购买外挂卡.url
92wg说明.txt
Setup.ini
SrvList.ini
ztqdq.dat
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 380KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
区数据.ini
启动器说明.txt
就爱外挂网.htm
.html
征途启动器112-穿怪.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 308KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 700KB - Virtual size: 698KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 456KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
账号文件演示1.zh
账号文件演示2.zh

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 8KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

Themida Size: 380KB - Virtual size: 900KB

Headers

File Characteristics

Sections

Size: 308KB - Virtual size: 436KB

.rsrc Size: 368KB - Virtual size: 366KB

.vmp0 Size: 700KB - Virtual size: 698KB

.idata Size: 4KB - Virtual size: 4KB

Themida Size: 456KB - Virtual size: 1.0MB

.rsrc
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

Themida
Size: 380KB - Virtual size: 900KB

.rsrc
Size: 368KB - Virtual size: 366KB

.vmp0
Size: 700KB - Virtual size: 698KB

.idata
Size: 4KB - Virtual size: 4KB

Themida
Size: 456KB - Virtual size: 1.0MB