Behavioral task
behavioral1
Sample
无害_protected.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
无害_protected.exe
Resource
win10-20240404-en
General
-
Target
无害_protected.exe
-
Size
6.4MB
-
MD5
617d7e84ac9e7c4cbedba55ced5bb5a2
-
SHA1
2d9b72a58083cd74f4bd807d01cf184d65f07af7
-
SHA256
d034874dfb3d1ee5a2a8c7cff1959c9a02c5b3c812e9dba87690faee7a5205fa
-
SHA512
4dfe2970dc80d6f7bcbfa224403b688c6d01f5d72c898e601da95f1189b81451dac51d55842348286dd28c2058748eb3ed28c4ad0a60cf472c3ed71867fdea2e
-
SSDEEP
98304:NL3DiZ2oVX3iK62RPbT14vInBQ1kyToUa+iXX+XlkUiYFH//yfpoG87UeibVcgl:N822bzuvIngkyTdS+XQYp/Spn879Lg
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 无害_protected.exe
Files
-
无害_protected.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 63KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 10.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ