UFEDLoader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

UFEDLoader.exe
Size

150.1MB
MD5

20c17aa3f720fb891dadee2e3d217352
SHA1

12fdaa4282ea9f5ac8b1c46c34f36315b0d259a0
SHA256

5a1eeafc9839289f5afffa873c899f6cc2db1e631c7924f749c4c75c2a6c6221
SHA512

62abd2871267d496e06ea895adfb5ccfb1e4462a5cf907708bacc70a18cdba9f579c9b9293e9bcfb5950b7320bf455541b26ce00f6a66513be89d9fb22ae47a0
SSDEEP

1572864:YqQr039NxgSo5YSm1ohVOfI4v8IvFs9z4+AsQnu2S0P6aLTGCj+2qoelBl3JqmFz:YzZ5I1A4fI4EqS9yuX0ian03khPUrom

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

UFEDLoader.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 268B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 146.7MB - Virtual size: 146.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ