dGaterotected[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dGaterotected.exe
Size

2.9MB
MD5

875bfde0a05acf96a1eef84ed9a5f602
SHA1

b3364c3111d63f1addd3e155d45e3eabc9108141
SHA256

f6d1a288af4e90781141898550f087b80cac4760107f1e75bcecd29f4d2052ca
SHA512

e51bf6909e1a3adc09265940c2515cd04c698ac3b649e9e789bc43b690cdfd9d4cb645286a1df6e43947e3da9a5c67ee7f59c95889e8745475c81bfc4ea4b036
SSDEEP

49152:Nsi4tlRKFFq71h9e+GHGG6s35YnRQQ0FbtH7WbkMhB59BA8w4pjs1D:NJQRKFo1R29zan8BH7Wq6w

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dGaterotected.exe

Files

dGaterotected.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 188KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 188KB - Virtual size: 372KB

Size: 8KB - Virtual size: 20KB

Size: 4KB - Virtual size: 8KB

Size: 4KB - Virtual size: 8KB

Size: 4KB - Virtual size: 4KB

Size: 4KB - Virtual size: 4KB

Size: 20KB - Virtual size: 24KB

Size: 4KB - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.rsrc Size: 68KB - Virtual size: 66KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 68KB - Virtual size: 66KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 16B - Virtual size: 4KB