rat[.]rar | Triage

Resubmissions

17/10/2024, 22:16

241017-16vh7szdjc 9

17/10/2024, 22:13

241017-15fcwssgnl 7

Sharing

Copy URL Twitter E-mail

General

Target

rat.rar
Size

3.8MB
MD5

4038d4cd9a02e8242854e94d7f0309b7
SHA1

ad525384cb5608c0f86efeec11d29ed78d1ebb8d
SHA256

6c23e4d609b9348d9ea209665ff7a9d85fb478afdd4e27c31214211e1a5917d3
SHA512

982e3b9d7501521c1b84d5381719ee0fce027d7875a258c31c5b7fd90da563543261856e4b3f20764556c184bc511dbf477852ceb5b7ad8710107cc2be1227c0
SSDEEP

98304:Zw2KAu2GcXyYL1ry2eLAn734SUSuy5q6gm621851:Z5KT2GcXrw2er5SuyA/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/rat/Loader_protected.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rat/Loader_protected.exe

Files

rat.rar
.rar
rat/Loader_protected.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 923KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 243KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
rat/txt.txt

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 923KB - Virtual size: 1.7MB

Size: 243KB - Virtual size: 496KB

Size: 6KB - Virtual size: 43KB

Size: 512B - Virtual size: 488B

Size: 59KB - Virtual size: 75KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 16B - Virtual size: 4KB