Behavioral task
behavioral1
Sample
mi_855 865 870_bypass.exe
Resource
win7-20240221-en
General
-
Target
mi_855 865 870_bypass.exe
-
Size
5.2MB
-
MD5
f93efd608096df31865b2dfd709bc312
-
SHA1
23335dbdad1df85352f5b0f79756fc8696d46393
-
SHA256
3e42544d302e1b8860d25ed1fc55050d8cdc8584c444e6a470de1c4f8d60739c
-
SHA512
b680c7e4e9fb1390dfc9fe642e1ebb6f25311ff13109b85424ac8022cd8b415b66dfcf1a8afe15d49916591d87951716b2e6becd4362f9ee96a3722a4d1b1de2
-
SSDEEP
98304:MaZWTd4PR3z5Q6iV9E+bTdbrZU8b+tlcdx+00lOfnmpf+M1i2e2v9zdcLR/:MaZWx4P15FiVmudbFdb8xBYUe2lBcLR
Malware Config
Signatures
-
Processes:
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource mi_855 865 870_bypass.exe
Files
-
mi_855 865 870_bypass.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 168KB - Virtual size: 322KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 32KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 532KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 32KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ