Behavioral task
behavioral1
Sample
309e4ea19ba356adc5feefaa7eb007d0N.exe
Resource
win7-20240704-en
General
-
Target
309e4ea19ba356adc5feefaa7eb007d0N.exe
-
Size
4.4MB
-
MD5
309e4ea19ba356adc5feefaa7eb007d0
-
SHA1
97100e03cf570bf130eacc8c8cfcc1f32225848b
-
SHA256
f9aa48492ced2a941d23b5b4e2229c27b6694394520acb5476161385950850ba
-
SHA512
17d11d992701e9688d91c075c5127dc6632d1b25384dc924b738ec0471fc40a19d6f6cb7f758f1caa128177f1f2f3fbdc5345a88f180e47bc8d43a84cd801343
-
SSDEEP
98304:Kmh6TS5JkwZ19/6aqSRNq7u9hFDvYo9zaGZv3/RhPA0s0gWiI:n6+TNLRNEqYo9/vRq0s09iI
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 309e4ea19ba356adc5feefaa7eb007d0N.exe
Files
-
309e4ea19ba356adc5feefaa7eb007d0N.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 153KB - Virtual size: 168KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 149KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.vm_sec Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 157KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 7.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ