2024-05-23_21d23b399a70b311d9d44c3984d05c6d_avoslocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-23_21d23b399a70b311d9d44c3984d05c6d_avoslocker
Size

3.7MB
MD5

21d23b399a70b311d9d44c3984d05c6d
SHA1

5f63586ba05b256d61591fb2e3497e947da0469d
SHA256

df918d8c3bf84011ac4c89ced63388e32e59db1b1351e9909d31fb378a1bcb11
SHA512

f12fd2f8e6dd241b69c1a8bd999118c8164bdd7902f2820d4096eb04b851f6f63681c933964dc95fc8676c2dbf0ab1f6455f798895ead48a5831db82543d0fe0
SSDEEP

98304:l3Qtf4DLv2A12vfAdP4hhKKylyEPqRTfUaXq:fLv2A12vfAdP4/vy4EmT9q

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-23_21d23b399a70b311d9d44c3984d05c6d_avoslocker

Files

2024-05-23_21d23b399a70b311d9d44c3984d05c6d_avoslocker
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE