2024-06-05_e60b2eeb32097c389c415f7c5146a53c_avoslocker_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-05_e60b2eeb32097c389c415f7c5146a53c_avoslocker_revil
Size

20.0MB
MD5

e60b2eeb32097c389c415f7c5146a53c
SHA1

16ebecbbfd831f7836d8e3c972ec7ff3cb36f8da
SHA256

0c421c3e4c18edf3d862b78b8ed5ce498ddd4db26828dde1891efef79949bf77
SHA512

f9005674ae263bbee3e00012e781a7d6220c96ad342b6bb4247006e09ee6389d17f346997b060adb2d36369b851f9c96f882ad0fc2d1be35ca097343af2ab1ac
SSDEEP

393216:FWvGqClv/JbRJrRZCgEJsv6tWKFdu9CovUAmIMEFoFfx:Yexlv/J7/UAmIMEFAfx

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-05_e60b2eeb32097c389c415f7c5146a53c_avoslocker_revil

Files

2024-06-05_e60b2eeb32097c389c415f7c5146a53c_avoslocker_revil
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 9.7MB - Virtual size: 9.7MB

.rdata Size: 5.8MB - Virtual size: 5.8MB

.data Size: 115KB - Virtual size: 196KB

.qtmetad Size: 1KB - Virtual size: 1KB

_RDATA Size: 1024B - Virtual size: 548B

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 327KB - Virtual size: 326KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.8MB

.boot Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 16B - Virtual size: 4KB

.text
Size: 9.7MB - Virtual size: 9.7MB

.rdata
Size: 5.8MB - Virtual size: 5.8MB

.data
Size: 115KB - Virtual size: 196KB

.qtmetad
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 1024B - Virtual size: 548B

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 327KB - Virtual size: 326KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.8MB

.boot
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 16B - Virtual size: 4KB