CloudWare[.]exe | Triage

Sharing

General

Target

CloudWare.exe
Size

4.4MB
MD5

05c3c77aaa506ab0c4e3843753c7ede4
SHA1

5b067f0b0d97a7a7f617f89b043209c09157fe32
SHA256

fc25988009a922636bbff1bae10c81bd29a9cc5dec7c731d6eae2c26b7fbd2e0
SHA512

520bc2d0fa5ecdd86eaba7a159840c7cd8eaf668d950c68bb3f88029d173f6afe04cc839dc36e0f30902f989f86b4e32d7b60d045c674c34dc5df5574e03caff
SSDEEP

98304:KQGyk/JdYF4ZtmD4fiKzSCrQtaIoZ4SbxJsm0E42RjolX4wGtS7UQ:KQfkhdYaZq4fRSGQAIqFd0c2lbT7H

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

CloudWare.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ