76db8b8f5f662468585c316ec5782322[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

76db8b8f5f662468585c316ec5782322.zip
Size

3.4MB
MD5

d6c9c57c58f1189d9ae5f7ef50441dbf
SHA1

d667558f44f93d3374ffa05111edc82e95e159e1
SHA256

5d7931308cf7e8d73c6b22710591d4d887e80613e3c77785b7eb3f529809f168
SHA512

a259959a1e328f1fb2a1eca9623c812dca1ae62ad8de867e26f0ed2492495b596901fba963639ae560566b83b1de64330a384be33bc8915ad858efa8c0234b43
SSDEEP

98304:mcm48iAWmlRwnTU6LykRHr5ywzJQbl13NvVg88vPeI:N8qmlRwnTUGHrLQbldNuvX

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/515728503652d8c128d23c56dbc2246d57bc20fd702072d39dbda555e407d99b	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/515728503652d8c128d23c56dbc2246d57bc20fd702072d39dbda555e407d99b

Files

76db8b8f5f662468585c316ec5782322.zip
.zip

Password: infected
515728503652d8c128d23c56dbc2246d57bc20fd702072d39dbda555e407d99b
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 840KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 193KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 462KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 36KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 840KB - Virtual size: 1.8MB

Size: 193KB - Virtual size: 512KB

Size: 4KB - Virtual size: 46KB

Size: 462KB - Virtual size: 1.1MB

Size: 36KB - Virtual size: 78KB

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 89KB - Virtual size: 89KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 16B - Virtual size: 4KB

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 89KB - Virtual size: 89KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 16B - Virtual size: 4KB