Behavioral task
behavioral1
Sample
5c44cec83a227b7ca24ac5debc9f2a70N.exe
Resource
win7-20240708-en
General
-
Target
5c44cec83a227b7ca24ac5debc9f2a70N.exe
-
Size
3.0MB
-
MD5
5c44cec83a227b7ca24ac5debc9f2a70
-
SHA1
e52c496e218aad4016d843b6ad8495ae8565564f
-
SHA256
ae4e173fade01d653a50c4a02e879dc665391c5e47927ea97d28c6666037c352
-
SHA512
e15bcbab9068fe1331a283a5bde73700edb1a861685da1923a28d3e2e17623e0ac1beb494a5684b8689e718eaae22d3dad03ab7edd90acc02778f315edb7bd18
-
SSDEEP
49152:jUQOmmKFrLkTRM+1TUKGHDLxdA7SkQhhSsFPWAYWQ+vKO7fPw19G:jEmmKFrLwRb0HHA7SkQhhSsfvnwO
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 5c44cec83a227b7ca24ac5debc9f2a70N.exe
Files
-
5c44cec83a227b7ca24ac5debc9f2a70N.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 45KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 40KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ