Behavioral task
behavioral1
Sample
04196b8a0869c9f19b3805b4f861a0e1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
04196b8a0869c9f19b3805b4f861a0e1.exe
Resource
win10v2004-20240508-en
General
Target
04196b8a0869c9f19b3805b4f861a0e1.exe
Size
6.6MB
MD5
04196b8a0869c9f19b3805b4f861a0e1
SHA1
8ed2478e15af46fa12059bc2e47cc638f3238fb0
SHA256
34f4c84b4046eb6c9b1a30ebaecc226f60170d8c575319354ae120c40e589973
SHA512
84f9f1de0c8bacce56917e401b8d5ff6a5613b9e231877e8d8be37bdfc03718605f2de39066bafb7fa44435d6eab840ed9c4868716d5127c86f2111b24786e82
SSDEEP
98304:txondzNbVrqNn9C18EPukfT6fys71nMBEKew2OfVcc:LSbqNn9C1LfT6nyBEKew2OfVcc
Malware Config
Signatures
Processes:
resource: sample, yara_rule: themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 04196b8a0869c9f19b3805b4f861a0e1.exe
Files
04196b8a0869c9f19b3805b4f861a0e1.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
Size: 2.4MB - Virtual size: 9.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 113KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE