General
-
Target
installer.zip
-
Size
14.9MB
-
MD5
34dd7c466a92e70931da8c25f6c868d4
-
SHA1
504f97ec4277aa3c11a1faf78a0fbe83247f90db
-
SHA256
0430e3f5efcf76f7e5fbcd83f5a0db059a207b6601056ba78f0df17580abe51b
-
SHA512
7e14e0484fff3c70e722b1c9cb0bd49fe6f3f4cfddccec339e0e494d2c565c5a2ca27ba5181376881fbaa91308b757d04d248eb56732d68152b2cc67c26cbb59
-
SSDEEP
393216:2AuDSB93YDzIxIkAeTXgSpKbfE8DgyWz4gzV:2NydrxIkgSph8DgyWztR
Malware Config
Signatures
-
resource yara_rule static1/unpack001/installer_v472/Installer_x64.exe themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/installer_v472/Installer_x64.exe
Files
-
installer.zip.zip
Password: 123abc
-
installer_v472/Installation Guide.txt
-
installer_v472/Installer_x64.exe.exe windows:4 windows x64 arch:x64
Password: 123abc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 10.4MB - Virtual size: 10.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 38KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 7.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ