c2711020a200464ec45cfafb9776b1b5[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2711020a200464ec45cfafb9776b1b5.exe
Size

6.4MB
MD5

e2d6b8ef16657b66957e70eeaeff6faf
SHA1

69af2e08f3f46b5fffc0b6ac9d4749b097c560f3
SHA256

20a3381929574b6e35fb3eecc2e6329b1dfbe67997635113c721fd7fe86e0db2
SHA512

e4e5e661b167445f09ae61cc09a6b175e9306661d94b6d62d2af520d174b722e6726502ebd4c6cb968edd4caa3d737fef67f387a6a710885e8777da96ae06451
SSDEEP

98304:DgR7LxTdHUx5j7lYnOsQ3WtHt3F6OFTTMlUb6XQoV6YzGR9epy:KLxTu/jZekWtN1VElEMIYqR9e4

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

c2711020a200464ec45cfafb9776b1b5.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 37KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ