0b929885c415fab75cb7a45609b5b419[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b929885c415fab75cb7a45609b5b419.zip
Size

3.0MB
MD5

40443087f19335390f94b9006c69a97a
SHA1

c1c0407a80e52263a968bbf0068fe3eee03a2d9c
SHA256

58b0a61177e760f6dbdd5a67c9c791b30d26d1320e55bf2388bdc1b9c4935be6
SHA512

618777d7f70feabfa33445001051b55122985aef473f4c867d8e6b2983eeb7cc47fb5a07bbb640b1f21c303fa143f37ab95aa6c07f69460584c88b9482d55327
SSDEEP

49152:hKojQ0gipwAeZYDLrwnBXqlgue9kLbUQlMhvdphP1pg9FR9p66+qdj6u+aveIQ/u:Yf03wAeZYDL68g19TAavHR1pg9FRp+md

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/ecba14f22692df756b5d1f26b5235e29abf91e9a5557ceb9a1bc83d09bc47cc4	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ecba14f22692df756b5d1f26b5235e29abf91e9a5557ceb9a1bc83d09bc47cc4

Files

0b929885c415fab75cb7a45609b5b419.zip
.zip

Password: infected
ecba14f22692df756b5d1f26b5235e29abf91e9a5557ceb9a1bc83d09bc47cc4
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 671B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ