Behavioral task
behavioral1
Sample
TMPB125.exe
Resource
win7-20240704-en
General
-
Target
Spectral Solutions Spoofer.rar
-
Size
8.0MB
-
MD5
6621189ea794fd6981c655b3c90d81e4
-
SHA1
3032e099956e6fa2bb30e6eb6ac21b4c5082ebad
-
SHA256
3ed4d5a8baac20e8226e93b307c6e9e8c821be7f09ed725317d7fd5dd754e69c
-
SHA512
15e61207877fe9471b971107add33598bdc74fda65287657708ee9a77258da3792311569846bf8c914b395d6c203634ce35697bc2ea7cbd458af398267c8276f
-
SSDEEP
196608:xXPUl0FI5ZqTEjYsQvclq/9UJGaL25IxhEWSYQAwC:xPUSFI1j9QvTO52FZA9
Malware Config
Signatures
-
resource yara_rule static1/unpack001/TMPB125.exe themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/TMPB125.exe
Files
-
Spectral Solutions Spoofer.rar.rar
-
CAuth.h
-
Colors.h
-
DiamorphineGuard.h
-
OtherStuff.h
-
TMPB125.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 10KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 5.0MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 808B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 275B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 140B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
antidisassembly.cpp
-
auth.hpp
-
cfflattener.cpp
-
custom_entry.cpp
-
cweFRfIW
-
gui.cpp.js
-
iat.cpp
-
includes.h
-
lazy.h
-
lea.cpp
-
main.cpp
-
mov.cpp
-
obfuscator.cpp
-
obfuscator.h
-
pe.cpp
-
pe.h
-
skStr.h
-
utils.hpp