Monkichi[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Monkichi.exe
Size

3.7MB
MD5

d8312b522c0907cd727ae90d97786a23
SHA1

367760cf99efe525753800c0ad411cab07a55afa
SHA256

f5dd4f3cdb29b73bd824a72fb5871f99fd56770dbb9207c007d742d126c582d5
SHA512

d575fec235eaf04ec1c36e239afb234f497aee4dbd5f251daf2ea66cc9b455f445c73a35042db0deceb8ab08616968cb38b54794c2b9969b9a0a9ac9f8410e89
SSDEEP

98304:TkQ+5CCsK0zrw+Ibqe20Y97ltNmO3aCmh:4QCsK0vlIb2b7BbqFh

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Monkichi.exe

Files

Monkichi.exe
.exe windows:6 windows x64 arch:x64

Password: test

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 384KB - Virtual size: 958KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 304KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 320KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 25KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 275B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: test

Headers

DLL Characteristics

File Characteristics

Sections

Size: 384KB - Virtual size: 958KB

Size: 304KB - Virtual size: 530KB

Size: 320KB - Virtual size: 425KB

Size: 25KB - Virtual size: 45KB

Size: 275B - Virtual size: 488B

Size: 2KB - Virtual size: 6KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 4.5MB

.boot Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 16B - Virtual size: 4KB