Synapse Z[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Synapse Z.zip
Size

4.1MB
MD5

1648c2ea58b12e3d61d21cdc3086c80b
SHA1

8a8e2b1a7e5ed9b954bd77b8c93ad177c5107062
SHA256

a041944cc4947e6b3cb4fc7c45279567592d81db51820677dbb184e8ed6fb952
SHA512

122dd31419ad89e19881e8ca4add1aaafd1d7cff1547f23794bccc05320b0d8b1f232444d0ca965157c6cfb082cc1c8afa3e18987a82490fbfd526685c042f56
SSDEEP

98304:aXX7ISsDWxizP1KOvfUTsEBi9VSNPxq4K1180K+X5JiLGdsf8+BcTRA:anKzNKO1gPxe7DXKLGd+8cH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/SynapseLauncher.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SynapseLauncher.exe

Files

Synapse Z.zip
.zip

Password: 1
SynapseLauncher.exe
.exe windows:6 windows x64 arch:x64

Password: 1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 299KB - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 89KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
redeem.cmd
resethwid.cmd

Sharing

General

Malware Config

Signatures

Files

Password: 1

Password: 1

Headers

DLL Characteristics

File Characteristics

Sections

Size: 299KB - Virtual size: 585KB

Size: 89KB - Virtual size: 167KB

Size: 1KB - Virtual size: 7KB

Size: 15KB - Virtual size: 25KB

Size: 512B - Virtual size: 488B

Size: 1KB - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 16B - Virtual size: 4KB