revengerat | eb443a1c7b58fbaa19b881df3108ca044a7cffd4[.]rl[.]zip | Triage

Sharing

General

Target

eb443a1c7b58fbaa19b881df3108ca044a7cffd4.rl.zip
Size

2.6MB
MD5

b608ed0618d454f8a76e2fb155626855
SHA1

57fc57fb165c290df69767cd6378990062945e0c
SHA256

aa02c20205915a494154dac55a1956d4465937d7c5fc139866b9500bea6e8872
SHA512

85f9a7d46b8e7a19e6be2819df2b107ef79db54858baaffeb418ac06ca188d3c33eedd97723d686b7a3f64ff4ec1a6e5b52d1f606d63387ce6759cd4ece13850
SSDEEP

49152:9Sp6Le0uS+OK4Zy/OXbMbk5xeyTflq4EgRy1MoL4tcqdRmEdQHAAocwccN:oS+OK4Z8kzZxrEgRyqoL4GoQgABw5

Score

10^/10

themida revengerat

Malware Config

Signatures

Revengerat family
revengerat

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/eb443a1c7b58fbaa19b881df3108ca044a7cffd4.rl	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eb443a1c7b58fbaa19b881df3108ca044a7cffd4.rl

Files

eb443a1c7b58fbaa19b881df3108ca044a7cffd4.rl.zip
.zip

Password: infected
eb443a1c7b58fbaa19b881df3108ca044a7cffd4.rl
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ