Kristal_Obufscator[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Kristal_Obufscator.exe
Size

3.7MB
MD5

0c494b4606eaf00ebd21fd5806b358c0
SHA1

7da903e3e2bd52ad6b62b21c847b7b4c07bf1290
SHA256

f33c53a350932ec132f317a4ca77307a89519f34b5fa3019d154c19bcc543e6c
SHA512

8d587bdc4f61154b5c5dcc197c4e6877fa1af14645437c31fea24d77b63750d7c12100a8ed47ddc3823ef926cd68b1d1c9d12ed51ad4536854334a17bf15cb28
SSDEEP

49152:jVmn7yweURAlETyeZBQWwZw7W3HbmnWl86xpZW7R54OrKikCx7EK99iJiNWWH4Uc:B47yaj9Lwd7P8dN5HsC5Z99Ma8t

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Kristal_Obufscator.exe

Files

Kristal_Obufscator.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 51KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ