General
-
Target
ZeusWooferFree.exe
-
Size
10.7MB
-
MD5
163274ea203d9f847c9efdfa75b40c84
-
SHA1
edd4becc96c9b859f96691d8eb2e63e0a3fa08f2
-
SHA256
65585c660ceb3d7bf06d0d167040471e9437ee5835dc077766b87ffb9d3590a9
-
SHA512
65e7f6cd468052c100f79fb80ffdfc4562d551430c37d3ca2a03b7df88f744d993cfb2e454007f769854e5d018c0b6009a7a02516e2019ba36f68e2c2969d413
-
SSDEEP
196608:8IiTxXV4WBNWgHRBsn29XA1Zz7pMRz5/832UFkgFQ811wZuxqRGKWmHBCni9gGq/:hUFBNrH7Z9Nb032YLQ8MZIULHBCiiGq/
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ZeusWooferFree.exe
Files
-
ZeusWooferFree.exe.exe .ps1 windows:4 windows x86 arch:x86 polyglot
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 7.8MB - Virtual size: 7.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ