240618-rfnhjaxanf_pw_infected[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

240618-rfnhjaxanf_pw_infected.zip
Size

26.0MB
MD5

4adb426381dcd23f45a61edc964bc8a2
SHA1

1b7f6b854eeecc608f87f5350dbbe586cd56ef75
SHA256

795379e6b9f712ada6f6cc200745bb33afa383aa24ff2104771ecc0f70397b03
SHA512

d97f49da69a97c588d3ff1db533898fe2cf41a1cd65eb4aadb364ed768ac47bae41947e77cd6bb45c198759e31cd31b19822d2b98353db4a01e91419ba151863
SSDEEP

393216:uS03GZnHQvrukHVkmAbG1JZiRxDck8tGmguCKBRE0OzUrVZK+HRe6smmlzNG6OeE:v0WOZK81J06hGmJRZTZ1gLz9raoqZ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/WZAgent.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WZAgent.exe

Files

240618-rfnhjaxanf_pw_infected.zip
.zip

Password: infected
WZAgent.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 21.6MB - Virtual size: 21.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ