5a3076aabd6921cb9c0b0fd24e1ef23e90abc1736ccb4d3abecd1af2aafd8e37[.]exe | Triage

Sharing

General

Target

5a3076aabd6921cb9c0b0fd24e1ef23e90abc1736ccb4d3abecd1af2aafd8e37.exe
Size

2.5MB
MD5

61a8ec81c089852fdcb14baaeb75bc63
SHA1

3a022b517a8e8030e0e2679abcb9655eb268a2f0
SHA256

5a3076aabd6921cb9c0b0fd24e1ef23e90abc1736ccb4d3abecd1af2aafd8e37
SHA512

7ac5abc614dd5c292d4a2285612bc1047ebc4a9d93fcfdce8d524b8eb654566000f9f9f48e19a3d07a5046544b3b498f0a6309dd4f58260f57c050bd5dbe98c7
SSDEEP

49152:eAzniM/t7sj31n7HEkJbjloay0/UXQE/7LgmlT+IjwAMcf6V9TQtWmezNj3:RziM/BsjFnbEqhMXQqRXdf0iUB7

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

5a3076aabd6921cb9c0b0fd24e1ef23e90abc1736ccb4d3abecd1af2aafd8e37.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 653KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 61KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 102KB - Virtual size: 867KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ