Behavioral task
behavioral1
Sample
d48c879550b8c03395e47c40aae3de8d.exe
Resource
win7-20240221-en
General
-
Target
d48c879550b8c03395e47c40aae3de8d
-
Size
560KB
-
MD5
d48c879550b8c03395e47c40aae3de8d
-
SHA1
87c5fb7981467b924c6470952637eda56aba99fe
-
SHA256
96e5cedc2f31b42c0544a9a34ce92bfd2cdafbdcf0aee155770e6c46250ff428
-
SHA512
17d2d7aea6e32dad33727a5d810329dfcdabda1fd947ddf8e04e0f77b1665d5767a63c57d0ffd2b9b8eea62ef68b4d92e9653737694d59325b05b413900ece03
-
SSDEEP
12288:zoNs/NrYYJ5xnKY7H1kZrZoCNsvU16DojrYchNjBlVvt:Z/NrYYJXz7HArZzqlDoPxfj1
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d48c879550b8c03395e47c40aae3de8d
Files
-
d48c879550b8c03395e47c40aae3de8d.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 67KB - Virtual size: 448KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 488KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE