Swifty Modified Ring-1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Swifty Modified Ring-1.exe
Size

28.2MB
MD5

5a1caa32d02121d00b6c7be9dd7a3010
SHA1

3c4d3cab3efd3c57106d128c3d15febde3a071d2
SHA256

1160d1bcca49b04359e0b1cf1aeed3ab936f5fa48289dfe98f31ca50966dd108
SHA512

0f4ebaeaa9ac8a6d58d4bd12fe8384c9262e0d4a048a9c04c59a71d78b29b47d9bd95cad32793cc364c8210b63e791665ece42498c0e0d490e79eb5f5d82bf41
SSDEEP

786432:n746blMK6IS3r7m1z2cuJeE895y+OEj51Erx6Rh3hY:746bZSe1zpuJeVjyxs5j36

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Swifty Modified Ring-1.exe

Files

Swifty Modified Ring-1.exe
.exe windows:6 windows x64 arch:x64

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 3.2MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3.2MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 65KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 154KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 40KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 15.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Headers

DLL Characteristics

File Characteristics

Sections

Size: 3.2MB - Virtual size: 6.8MB

Size: 3.2MB - Virtual size: 4.3MB

Size: 65KB - Virtual size: 2.8MB

Size: 154KB - Virtual size: 257KB

Size: 512B - Virtual size: 500B

Size: 11.8MB - Virtual size: 11.8MB

Size: 40KB - Virtual size: 98KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 1024B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 15.0MB

.boot Size: 9.7MB - Virtual size: 9.7MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 15.0MB

.boot
Size: 9.7MB - Virtual size: 9.7MB

.reloc
Size: 16B - Virtual size: 4KB