loader[.]exe | Triage

Resubmissions

28/10/2022, 20:44

221028-zjmz6sfbbr 9

28/10/2022, 20:43

221028-zhrxqsefe6 9

28/10/2022, 20:42

221028-zg7a2aefc3 9

Sharing

Copy URL Twitter E-mail

General

Target

loader.exe
Size

19.9MB
MD5

93f697d35b618d4a9d9cc6985835152e
SHA1

e18847a42574d884c6d54af382a990ebbb76c9b1
SHA256

52d5e26c96024b1a911604c61b2f7ab091794388d99f55a67d742242145cde2e
SHA512

a659cdf22b90e7fac551c77ad00d46e9d0d638b0c11162626611215e713027d86aadd2edcb132fc8cdf1440bb8e5b2a99e9215967fbcbc24752dbcb85fb4ff86
SSDEEP

393216:J5QJbhZRGeQ0XUifWKL2Vmd6ml/m3pVNjTTUv9V7B9BJH39xapIeft:JeLGIfWKyVmdXKVNXQ77B1X4Iel

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

loader.exe
.exe windows x64

Password: esa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 86KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 33KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 459B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 130B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 746B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: esa

Headers

DLL Characteristics

File Characteristics

Sections

Size: 86KB - Virtual size: 160KB

Size: 33KB - Virtual size: 71KB

Size: 459B - Virtual size: 64KB

Size: 4KB - Virtual size: 8KB

Size: 130B - Virtual size: 244B

Size: 746B - Virtual size: 1KB

Size: 1KB - Virtual size: 1KB

.imports Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.5MB - Virtual size: 3.5MB

.taggant Size: 8KB - Virtual size: 8KB

.imports
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.5MB - Virtual size: 3.5MB

.taggant
Size: 8KB - Virtual size: 8KB