Behavioral task
behavioral1
Sample
4a888d7d7c10d876b4a968cb55100fb4d3f47ba4559b0ba024d48dcd238056f5.exe
Resource
win7-20240221-en
General
-
Target
4a888d7d7c10d876b4a968cb55100fb4d3f47ba4559b0ba024d48dcd238056f5
-
Size
3.9MB
-
MD5
9e43ceb591974d27efdd0c737aff3afd
-
SHA1
9d876dba0e37202e9e542dbd7d0c80328acbd91a
-
SHA256
4a888d7d7c10d876b4a968cb55100fb4d3f47ba4559b0ba024d48dcd238056f5
-
SHA512
b7da75c8806ac75d8cf8b236d4990feaa2560d127fa395ce887698811e370ca76ca72b0b6ad17f10ea71217a2894743105132b1be72ca12f53a1674100d61b9f
-
SSDEEP
98304:H826JEKsA62WkmDD8E/MgqHUWN0uZKGslF8uGbhMFFaMMwKw/1BbsR:H82YEKsl2xG5y05uZK9FjGbOFF1k2Bb6
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 4a888d7d7c10d876b4a968cb55100fb4d3f47ba4559b0ba024d48dcd238056f5
Files
-
4a888d7d7c10d876b4a968cb55100fb4d3f47ba4559b0ba024d48dcd238056f5.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 487KB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 93KB - Virtual size: 435KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 393KB - Virtual size: 786KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 29KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.imports Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ