SpyderCrypter[.]rar | Triage

Sharing

General

Target

SpyderCrypter.rar
Size

4.8MB
MD5

fe47299553c0972ec170d166b9037ae9
SHA1

8a8e27d3563e181b7cee1038c8bd81791f1714b2
SHA256

6209712229816eb836f3b5492c23fa20afa7cf582111da9f90c8714c23a8812b
SHA512

097e2add3c75659fecc9f294bacf9292881ad56831d1633716bf24ee8eee45111e33058393e04b3bae96fc55a4c17edba16efe0f7e46fcc6376f1c004fbb03d8
SSDEEP

98304:TL3X7Et5fcooV2Tck95VZ2BCsvACfdrpdxuf02jqhzDezbnrvPQudfuz:T7XYttcoojkXV/uA4ddgc+qVkHGz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
static1/unpack001/SpyderCrypter.exe	themida

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/SpyderCrypter.exe

Files

SpyderCrypter.rar
.rar

Password: Spyder
SpyderCrypter.exe
.exe windows:4 windows x86 arch:x86

Password: Spyder

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.0MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 660B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ