windows_update[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

windows_update.bin
Size

3.4MB
MD5

9e78ed405e72f424f4f67d40a7c78857
SHA1

a530781e06668750be976fe1ed545a3f43d833f3
SHA256

e8e4a4c7c5c593136058722cabe2d42631feffde95d923f5fd7020b0c7286f22
SHA512

cfb9c85bdcb36a1962f6230c9ea1505534689b15f55175f5e77f685472081c7630bbd1f0ef9154fa11849e6285062125902b7808c646125de759b65827b964b7
SSDEEP

24576:h6I27w1KdkKRiCbm4LRYykRPCG0uy4aBKaYK+6koDbYW4c7IPsPWzEUAzgiBlkbw:h6DVYv6ft4odbRaG34nSqkbosa8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

windows_update.bin
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 592KB - Virtual size: 591KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 9KB

.bss Size: - Virtual size: 14KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 64B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 41KB - Virtual size: 40KB

.rsrc Size: 200KB - Virtual size: 200KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 16B - Virtual size: 4KB

.text
Size: 592KB - Virtual size: 591KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 9KB

.bss
Size: - Virtual size: 14KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 200KB - Virtual size: 200KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB