TS-240514-UF1[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TS-240514-UF1.7z
Size

3.0MB
MD5

c593b75e303138c4b98a722b40dedff6
SHA1

d59d158282daa4b035a8a22e71e2b5949ce98ad9
SHA256

6c1b7939733a7f5174f081a5b88bfb232ebf5b5ad14d4e8bfad0d1ec6a2051bc
SHA512

7a76e5d74ec871226468f65505d3e620145ca67dee4f26a47833311537011256695fb26d7c8859c18914bdbbe764d0d947e86b957e5f99526e0a72f3f326d853
SSDEEP

49152:Xu80j8kjIStuzWy261piGHUPaeh8xExS0yxy9jEBsiRsRHfKjvwhRLU7Y:+1ltuzWL61pi4UPaHErXO6Kjj7Y

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/TS-240514-UF1.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TS-240514-UF1.exe

Files

TS-240514-UF1.7z
.7z

Password: infected
TS-240514-UF1.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 18KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ