HorizonUpdated[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

HorizonUpdated.exe
Size

6.2MB
MD5

85d153363588cad0dd5c3ea1d26bddbb
SHA1

c7a23d27cdebfc2417b270fa219e11cd84fdf22b
SHA256

2c90f6122311e85fb93348cf3d204ed85f85e59730dce45dfd1761d7adf9d5d5
SHA512

06c826fab50ff392e84de07d937024debb622882044cca7c1272820d682415d1eb7e8beeff66e95452396878f5e6c944adb2e62c46a4ecbff88a670b511a23ff
SSDEEP

196608:9C6mXpAzaps4JqfzBCXj6z14oNcqYjLSySrn:9dmZbSHq+pDNAPe

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HorizonUpdated.exe

Files

HorizonUpdated.exe
.exe windows:6 windows x64 arch:x64

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

OPENSSL_Applink

Sections

Size: 1.6MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 422KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 172KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 84KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 1.6MB - Virtual size: 3.9MB

Size: 422KB - Virtual size: 1.1MB

Size: 172KB - Virtual size: 343KB

Size: 84KB - Virtual size: 145KB

Size: 512B - Virtual size: 480B

Size: 21KB - Virtual size: 40KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.4MB

.boot Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.4MB

.boot
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 16B - Virtual size: 4KB