49e8e9f6fa2dbb81c88eaa93d8e1b43a8f68cbc6e2ffb770709022f7df2c98fc[.]exe | Triage

Sharing

General

Target

49e8e9f6fa2dbb81c88eaa93d8e1b43a8f68cbc6e2ffb770709022f7df2c98fc.exe
Size

2.3MB
MD5

bf9bfd6f3dece9aed8eb5b4e991cf21a
SHA1

617583d1a27470e0a5c7eef163a190a5d50bc85e
SHA256

49e8e9f6fa2dbb81c88eaa93d8e1b43a8f68cbc6e2ffb770709022f7df2c98fc
SHA512

52d178414e159572e09fa7300681253cc674a70a9a4309ec82a6e3b43c8a2dcaffa7939c574066e9ca0195cdb096386b08881e999e5624b66d09142ca12a4d16
SSDEEP

49152:mj9IdKB/3ymg1gKRPZJQpZNLdWMW/4KwKLJP05GzqHqrjTcNQ8GN:mj9IdKRk1f8pn/RQt9z2gcy8G

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

49e8e9f6fa2dbb81c88eaa93d8e1b43a8f68cbc6e2ffb770709022f7df2c98fc.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 656KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 61KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 336KB - Virtual size: 638KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ