malware_smoke_2393619482 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

malware_smoke_2393619482
Size

5.4MB
MD5

13eb2e91aa3d02bac10f6b674ef081f5
SHA1

35c6cd907ae9cb545096a8fa52b5aeeeaeadcfeb
SHA256

b31ba58340b15e89c9d610c55fadc95d485c9b55cee97fd9597a5e49daa47748
SHA512

b0b5a4cc9334277e66ee0c7401fa62409e0c9eaabe34071555d635e5baaf64fddf30da7e7caeaec33427114266094d03f72b1dd9ddbbce89d7d1b5ed823bfcfd
SSDEEP

98304:GoRWEg4+xxPLgp2sqsVwpVlXWbDdFbNRyWdVvhiq36:/LqTeisapVYDb31d9sp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

malware_smoke_2393619482
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ