Behavioral task
behavioral1
Sample
python-3.12.3-amd64_protected.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
python-3.12.3-amd64_protected.exe
Resource
win10v2004-20240508-en
General
-
Target
python-3.12.3-amd64_protected.exe
-
Size
8.6MB
-
MD5
328626049b23e7d5fbe12f9503853d53
-
SHA1
402ca69107944196f421a16ce3be363a0f4e991c
-
SHA256
96eb67eaf4d600885d149701f7b720f004a1646775a179e77e8706762405e921
-
SHA512
5425ef358018a66977e711bfa2a794c725bd153df5989cae52419115c981ce94cc15b6ae826c42d786aa3363151d9c051ae53407ab5e07fcc7365ef054b03c91
-
SSDEEP
196608:VGjSZs4BJq1Ey1FJrMwM/RAWOY+3uWjNyWte7c:VXZsI0F5MYYjWjM7c
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource python-3.12.3-amd64_protected.exe
Files
-
python-3.12.3-amd64_protected.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 1.2MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 11.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 7.4MB - Virtual size: 7.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ