7ee351ef3ae1f46e2aa958c36fd03b1b2b3b37a9e3ba6d4d0f46fa920900dcb3[.]zip

General

Target

7ee351ef3ae1f46e2aa958c36fd03b1b2b3b37a9e3ba6d4d0f46fa920900dcb3.zip
Size

6.8MB
MD5

82e746c0a740f26f1e0665eb73a5adc5
SHA1

06b2cda5301e89dd2460eea59358926a28a5ae1b
SHA256

ac2a4b9f971a815d80ac61ba89ae440ecae65cf5799c12d0c18cb764bbbab3c6
SHA512

1c9d15eab5d4e2223650278f842e478a310677fd381e2605e480cd037048d45d74974ea0645a57223c1acae99f732ce63396148d23e42e3cf50b12fa49f7b376
SSDEEP

196608:AEuJBlgA/5HEyPOQArBAsAJHr0+KTgWgYbolVXsq:3crxHTOtrBABoDTuYbonXZ

Score

7^/10

themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/7ee351ef3ae1f46e2aa958c36fd03b1b2b3b37a9e3ba6d4d0f46fa920900dcb3	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7ee351ef3ae1f46e2aa958c36fd03b1b2b3b37a9e3ba6d4d0f46fa920900dcb3

7ee351ef3ae1f46e2aa958c36fd03b1b2b3b37a9e3ba6d4d0f46fa920900dcb3.zip
.zip

Password: infected
7ee351ef3ae1f46e2aa958c36fd03b1b2b3b37a9e3ba6d4d0f46fa920900dcb3
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

Size: 13.0MB - Virtual size: 13.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ