Behavioral task
behavioral1
Sample
cde29f86a463c2b7b2c1c37c25510de6.exe
Resource
win7-20240220-en
General
-
Target
cde29f86a463c2b7b2c1c37c25510de6
-
Size
3.2MB
-
MD5
cde29f86a463c2b7b2c1c37c25510de6
-
SHA1
2cd7e3c1148d46c70c9ddfb741b05d9bbb366f24
-
SHA256
ce262306799e45772700d543e60afd1058ae62e820c18611c9b05c7ae861a758
-
SHA512
43cfda9e057b295380fc31b4cb576a01601fa8ab79d69c4561a0a1e3cc4fecacf8cdb4ce6f7075f38fd873fc8f49608e0744217a104442aceb8af16290c1f93a
-
SSDEEP
98304:3I61PlPTdw1i1FHThkQM+JLqbSPxXq8nLNS:v19Si+u8cXqUBS
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cde29f86a463c2b7b2c1c37c25510de6
Files
-
cde29f86a463c2b7b2c1c37c25510de6.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 43KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 577B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 1024B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 5.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ