Provision Vip[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Provision Vip.zip
Size

10.5MB
MD5

4950a391eaeae3216cf1900b07ad17af
SHA1

e453d8ebb405ca6a300aef70f25423b619ef3681
SHA256

a510cd9c6b6412f7fab0119a78aed6fc12d4c75c34f5323849856fe414ad2e24
SHA512

80431be69de8478101b887b7c15bba8f00c7597059df37bf3c11ad71f1084900d37d120abf04007470e54e78fc6010cd3cf0e73ec22f329dcff86b62e475a585
SSDEEP

196608:H9V3zC6VqKjwTzDygZCeY83OrinMGECAgqnIZ1upsPF7ewVK/KSfls:dF/VqFDygZR3OrPVKYuiyIs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/Provision Vip/PROVISION BYPASS.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Provision Vip/PROVISION BYPASS.exe

Files

Provision Vip.zip
.zip
Provision Vip/PROVISION BYPASS.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 266KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2.5MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 62KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Provision Vip/VISION.ini