AstroProxy[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AstroProxy.exe
Size

3.8MB
MD5

0b68f11dd8767ef82e23c245f41fd2d5
SHA1

e11e097b1c646e3734cc9acac054882e8d08ef73
SHA256

059cb91ca06f6ae64bcf9f839afd0d5a670a1aae65c9e0797b3750de70df73bc
SHA512

2dae3e55a5b290cb27b3bf6f06b916b1c3fd8fa68876b473958dd3ec30a348b94a66f2624d96d2f756fe9f2317ff2a8c204f74fe823ddc55380a68a51f6d3a91
SSDEEP

49152:1Gejqjdzle5keXNCv5cm0RAMNtLRmy1xUeG8l+LvsLT5EkWFM7ZSq+ocTsnAvuRd:s8u+5ke9CF0nNtLLU7birPSocvOBLWo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AstroProxy.exe

Files

AstroProxy.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 49KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 14KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 146KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 49KB - Virtual size: 90KB

Size: 14KB - Virtual size: 37KB

Size: 512B - Virtual size: 6KB

Size: 3KB - Virtual size: 4KB

Size: 512B - Virtual size: 500B

Size: 1024B - Virtual size: 792B

Size: 146KB - Virtual size: 218KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 218KB - Virtual size: 218KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 218KB - Virtual size: 218KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 16B - Virtual size: 4KB