SalesAndTales[.]zip | Triage

Sharing

General

Target

SalesAndTales.zip
Size

4.1MB
MD5

c0b1e4436b0f695734f3354152f6f4f3
SHA1

7916e2f4c0107c768bc66308f2f7dc5cedf2b1f2
SHA256

3c2964a659a4c597aea369db6c7faddd4b314c699839249ea6392feaa8b479d2
SHA512

bf36b6a8ee485c309e51e6d358aef055c68338d744b77a6dfe474fc47e9f0b79d6f59e28d73a7a7769e65c60b5e785f83d28e7d09cd4f68c903290302d68b1f3
SSDEEP

98304:7lSDHUWb5JX09MLEwE8iQSHPRR6w68owtVaYTNd8:78ThHk9MXEhvHOYhd8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
static1/unpack001/SalesAndTales/SalesAndTales/TalesAndSales.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/SalesAndTales/SalesAndTales/TalesAndSales.exe

Files

SalesAndTales.zip
.zip
SalesAndTales/SalesAndTales/Readme.txt
SalesAndTales/SalesAndTales/TalesAndSales.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 26KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 654B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ