SkeetSpoofer[.]rar | Triage

Sharing

General

Target

SkeetSpoofer.rar
Size

3.1MB
MD5

97529b0672a921476342765ed9912a79
SHA1

78fe6847666072f9c10e6490c3fc26d5255141d5
SHA256

d951abd01209f18b5b3ca2eb53babaefbe2db7cbe6abd1f2f902d69b29be5027
SHA512

ffc6e03b4d78634ae69c1d8e5ba1f31ed015efc125aa1490827b7ab2917913289067560d25d7ad2a3aad4fdffe681fea81b6442ecb588f598f0e6f4f66abd569
SSDEEP

49152:3375rCMzDMfF9HUClrBcPtxKxWTspUwluoccg3Dm+1HQ1VG4VCjTrGmv6eeE2Aqf:hHDg/8QWI11M4YjDvPMf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
static1/unpack001/SkeetSpoofer.exe	themida

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/SkeetSpoofer.exe

Files

SkeetSpoofer.rar
.rar

Password: Skeet
SkeetSpoofer.exe
.exe windows:4 windows x86 arch:x86

Password: Skeet

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 67KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ