Behavioral task: behavioral1
Sample: 343dc3cebdcf155b2592e83c4d13790b3b819cdc64a79ecbf82c3bb1245d9e53.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 343dc3cebdcf155b2592e83c4d13790b3b819cdc64a79ecbf82c3bb1245d9e53.exe
Resource: win10v2004-20240508-en
General
Target: 343dc3cebdcf155b2592e83c4d13790b3b819cdc64a79ecbf82c3bb1245d9e53
Size: 3.7MB
MD5: 803c359c6937b34386261e88ce5ccfc7
SHA1: 9f1b5d080757c949d0dd9bd6b02e9a1b3aae8340
SHA256: 343dc3cebdcf155b2592e83c4d13790b3b819cdc64a79ecbf82c3bb1245d9e53
SHA512: 8d015d08a86a056c78de4ea96cc34400bbe09728174c3710343ff058355a9181ad4e1a26d4a5adc71ff52678e83d8dfb530ad5d3ed708db22ed0ba940634cd06
SSDEEP: 12288:D0+OKhnkKZn1H3yWO3+VecDmJrrp7qGw:b3jn1H313yJrrpOG
Malware Config
Signatures
Processes:
resource: sample
yara_rule: themida
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource: 343dc3cebdcf155b2592e83c4d13790b3b819cdc64a79ecbf82c3bb1245d9e53
Files
343dc3cebdcf155b2592e83c4d13790b3b819cdc64a79ecbf82c3bb1245d9e53.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: 395KB - Virtual size: 912KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 66KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
��#�״�� Size: 2174.0MB - Virtual size:
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Themida Size: 1.3MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE