New_Order[.]exe | Triage

Resubmissions

25-01-2022 16:56

220125-vf2xpsbeb5 9

11-01-2022 16:17

220111-trh4asgcb9 9

Sharing

General

Target

New_Order.exe
Size

2.6MB
MD5

3b585ac87a4c039f3685c66cadc62960
SHA1

a7f60a4dd8931e81b736adc744a4e709e8c5ffe7
SHA256

60fb9597e5843c72d761525f73ca728409579d81901860981ebd84f7d153cfa3
SHA512

bf2c4dea4cf1174562b60a6793111aa486e512c4a2e4da1d227ff3852a2c8e7892f1a3bc8ec2eb1315ebaa353f13fa684bade76b4c9c807cf0e86b5ac3903dfd
SSDEEP

49152:boDdi2ZjLftH3PkhfKBn6AsIfCmoIdjCBUVie0z95Ma/Kodb3EXVICQkEGtN:edi2JJ3QXq8IUaotz9aalUXVik/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

New_Order.exe
.exe windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 408KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 770B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ